CVE-2003-0287
Summary
| CVE | CVE-2003-0287 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2003-06-16 04:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled. |
Risk And Classification
Primary CVSS: v2.0 6.8 from [email protected]
AV:N/AC:M/Au:N/C:P/I:P/A:P
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Six Apart | Movable Type | 2.63 | All | All | All |
| Application | Six Apart | Movable Type | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 'Re: CSS found in Movable Type -- Nope' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| Movable Type Comment Form HTML Code Injection Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| 'Re: CSS found in Movable Type' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| 'CSS found in Movable Type' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.