Source: movabletype-opensource
Severity: important
Version: 5.2.7+dfsg-1
Tags: security

http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html

DETAILS OF THE SECURITY UPDATES

The Rich Text Editor in previous versions of Movable Type 6 and Movable Type 5 is susceptible to cross-site scripting (XSS) attacks. A remote attacker can inject JavaScript into a page or entry in a Movable Type blog or website. This JavaScript can be executed on the client browser when that page or entry is subsequently displayed in the Rich Text Editor.

These vulnerabilities were reported by a member of the Movable Type community, and were kept confidential until the release of the updated versions of Movable Type.

5.2.9 is to be found at http://www.movabletype.jp/downloads/stable/

