Known Vulnerabilities for products from Six Apart

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Six Apart".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2012-2644 json	Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers t...	4.3 - MEDIUM	2012-07-07	2012-07-09
CVE-2012-2642 json	Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers t...	4.3 - MEDIUM	2012-07-07	2012-07-09
CVE-2011-2676 json	The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable ...	5.5 - MEDIUM	2011-11-03	2017-08-29
CVE-2009-2492 json	Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to i...	Not Provided	2009-07-17	2026-04-23
CVE-2009-2481 json	mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to b...	Not Provided	2009-07-16	2026-04-23
CVE-2008-5808 json	Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x be...	Not Provided	2009-01-02	2026-04-23
CVE-2008-4634 json	Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to inject arbitrary web scrip...	Not Provided	2008-10-21	2026-04-23
CVE-2008-4079 json	Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise...	Not Provided	2008-09-15	2026-04-23
CVE-2007-3342 json	Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitra...	Not Provided	2007-06-21	2026-04-23
CVE-2007-0231 json	Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are en...	Not Provided	2007-01-13	2026-04-23
CVE-2006-5080 json	Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enter...	Not Provided	2006-09-29	2026-04-23
CVE-2005-4690 json	Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certai...	Not Provided	2005-12-31	2025-04-03
CVE-2005-4689 json	Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to a...	Not Provided	2005-12-31	2025-04-03
CVE-2005-3104 json	mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.	Not Provided	2005-09-28	2025-04-03
CVE-2005-3103 json	Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 allows remote attackers to inject arbitrary web script or...	Not Provided	2005-09-28	2025-04-03
CVE-2005-3102 json	The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root.	Not Provided	2005-09-28	2025-04-03
CVE-2005-3101 json	The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists o...	Not Provided	2005-09-28	2025-04-03
CVE-2003-0287 json	Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remot...	Not Provided	2003-06-16	2025-04-03