Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-5084 | First vendor Publication | 2012-04-02 |
| Vendor | Cve | Last vendor Modification | 2018-01-18 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5084 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:14661 | |||
| Oval ID: | oval:org.mitre.oval:def:14661 | ||
| Title: | DSA-2423-1 movabletype-opensource -- several | ||
| Description: | Several vulnerabilities were discovered in Movable Type, a blogging system: Under certain circumstances, a user who has "Create Entries" or "Manage Blog" permissions may be able to read known files on the local file system. The file management system contains shell command injection vulnerabilities, the most serious of which may lead to arbitrary OS command execution by a user who has a permission to sign-in to the admin script and also has a permission to upload files. Session hijack and cross-site request forgery vulnerabilities exist in the commenting and the community script. A remote attacker could hijack the user session or could execute arbitrary script code on victim's browser under the certain circumstances. Templates which do not escape variable properly and mt-wizard.cgi contain cross-site scripting vulnerabilities. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2423-1 CVE-2012-1497 CVE-2012-1262 CVE-2012-0320 CVE-2012-0319 CVE-2012-0318 CVE-2012-0317 CVE-2011-5085 CVE-2011-5084 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | movabletype-opensource |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-03-12 | Name : Debian Security Advisory DSA 2423-1 (movabletype-opensource) File : nvt/deb_2423_1.nasl |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-03-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2423.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
| Source | Url |
|---|---|
| CONFIRM | http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_updat... |
| DEBIAN | http://www.debian.org/security/2012/dsa-2423 |
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:18:05 |
|
| 2021-04-22 01:21:22 |
|
| 2020-05-23 00:32:26 |
|
| 2018-01-18 09:21:51 |
|
| 2017-11-09 12:04:23 |
|
| 2014-02-17 11:06:41 |
|
| 2013-05-10 23:12:23 |
|
