Some vulnerabilities have been reported in Movable Type, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.

1) Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

This vulnerability is reported in the following versions. Other versions may also be affected.
- Movable Type 4
- Movable Type 4 Enterprise
- Movable Type 4 Community Solution
- Movable Type 4 (Open Source)
- Movable Type 3
- Movable Type Enterprise 1.5

2) An error in the "Manage Entries" interface can be exploited by a user with "create post" permissions to publish certain posts without having the required "publish post" permission.

This vulnerability is reported in versions prior to 4.23.

Solution
Update to the latest version:
Further details available to Secunia VIM customers

Provided and/or discovered by
1) An anonymous person and Takeshi Terada, Mitsui Bussan via JVN.
2) Reported by the vendor.

Changelog
Further details available to Secunia VIM customers

Original Advisory
JVN:
http://jvn.jp/jp/JVN71945722/index.html
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000002.html
http://jvn.jp/en/jp/JVN45658190/
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000031.html

Movable Type:
http://www.movabletype.jp/blog/_movable_type_423.html
http://www.movabletype.org/mt_423_change_log.html

Deep Links
Links available to Secunia VIM customers