Movable Type Comments HTML Injection Vulnerability

Bugtraq ID:	22264
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 26 2007 12:00AM
Updated:	Jan 29 2007 08:39PM
Credit:	teracci2002 is credited with the discovery of this vulnerability.
Vulnerable:	Movable Type Movable Type 3.17 Movable Type Movable Type 3.16 Movable Type Movable Type 3.2 Movable Type Movable Type 2.63 Movable Type Movable Type 2.0 Movable Type Movable Type 3.33 Movable Type Movable Type 3.32 Movable Type Movable Type 3.31 Movable Type Movable Type 3.3
Not Vulnerable:	Movable Type Movable Type 3.34

Movable Type Comments HTML Injection Vulnerability

Movable Type is prone to an HTML-injection vulnerability because the application fails to sufficiently sanitize user-supplied data.

Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.

Movable Type 3.33 and prior versions are affected by this issue.

Movable Type Comments HTML Injection Vulnerability

An attacker can exploit this issue with a browser.

Movable Type Comments HTML Injection Vulnerability

Solution:
The vendor has released Movable Type 3.34 to address this issue. Please contact the vendor for information on how to obtain the new version.

Movable Type Comments HTML Injection Vulnerability

References:

• Movable Type Home Page (Six Apart)
  
• Movable Type <= 3.33 XSS Exploit ( teracci2002)
  
• Six Apart, Ltd. Release Notes - Movable Type: 3.34 (Six Apart, Ltd.)