Secunia

Some vulnerabilities have been reported in Movable Type, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) A vulnerability is caused due to an unspecified error related to mixed character encoding. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation reportedly requires the victim to use certain browsers (e.g. Internet Explorer 6).

3) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited if a user is tricked into visiting a malicious website.

The vulnerabilities are reported in Movable Type 3.36, 4.01 and 4.13, Movable Type Enterprise 1.55, and Movable Type Community Solution 1.51.

Solution
Fixed in the beta versions of 3.37, 4.01c, and 4.14.

Provided and/or discovered by
JVN credits Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.

Changelog
Further details available in Customer Area

Original Advisory
http://www.movabletype.org/2008/08/movable_type_42_rc5_and_security_updates.html
http://jvn.jp/en/jp/JVN30385652/index.html

Deep Links
Links available in Customer Area