[pkg-mt-om-devel] Bug#734304: movabletype-opensource: XSS Security vulnerabilities fixed in 5.2.9
Dominic Hargreaves
dom at earth.li
Sun Jan 5 18:44:57 UTC 2014
Source: movabletype-opensource
Severity: important
Version: 5.2.7+dfsg-1
Tags: security
http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html
DETAILS OF THE SECURITY UPDATES
The Rich Text Editor in previous versions of Movable Type 6 and Movable Type 5 is susceptible to cross-site scripting (XSS) attacks. A remote attacker can inject JavaScript into a page or entry in a Movable Type blog or website. This JavaScript can be executed on the client browser when that page or entry is subsequently displayed in the Rich Text Editor.
These vulnerabilities were reported by a member of the Movable Type community, and were kept confidential until the release of the updated versions of Movable Type.
5.2.9 is to be found at
http://www.movabletype.jp/downloads/stable/