Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-1262

Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318.

See the

CVE page on Mitre.org for more details.

References

MISC: https://www.trustwave....
CONFIRM: http://www.movabletype...
CONFIRM: http://www.movabletype...
JVN: JVN#49836527
JVNDB: JVNDB-2012-000016
FULLDISC: 20120224 TWSL2012-003:...
MISC: http://packetstormsecu...
BID: 52138
OSVDB: 79470
SECTRACK: 1026738
XF: movable-type-mtwizard-...
XF: movable-type-publishin...
DEBIAN: DSA-2423

Launchpad.net

CVE 2012-1262

Related bugs

References