Debian Security Advisory DSA 2841-1 (movabletype-opensource - Cross-site Scripting) Network Vulnerability

Summary

A cross-site scripting vulnerability was discovered in the rich text editor of the Movable Type blogging engine.

Solution

For the oldstable distribution (squeeze), this problem has been fixed in version 4.3.8+dfsg-0+squeeze4. For the stable distribution (wheezy), this problem has been fixed in version 5.1.4+dfsg-4+deb7u1. For the unstable distribution (sid), this problem has been fixed in version 5.2.9+dfsg-1. We recommend that you upgrade your movabletype-opensource packages.

Insight

MovableType is a popular blogging, or web publishing platform. It provides an easy to use web interface to publishing blogs and contains many features and plugins.

Affected

movabletype-opensource on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-2841.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0977

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 1073-1 (mysql-dfsg-4.1)
Debian Security Advisory DSA 092-1 (wmtv)
Debian Security Advisory DSA 1048-1 (asterisk)
Debian Security Advisory DSA 1094-1 (gforge)
Debian Security Advisory DSA 1111-2 (kernel-source-2.6.8 et. al.)

Debian Security Advisory DSA 2841-1 (movabletype-opensource - cross-site scripting)

Take action and discover your vulnerabilities