|
|
CVE Reference: CVE-2007-3342 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-3342 |
|
|
Description: Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that lacks the '>' character at the end of the start tag, a different vulnerability than CVE-2007-0231. |
|
|
CVE Status: Candidate |
|
|
References: SREASON http://securityreason.com/securityalert/2821 OSVDB 38621 CONFIRM http://www.sixapart.com/movabletype/beta/distros/MT-3.34-beta-Release-Notes.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/458196/100/0/threaded |
|
| Return to the previous page. |
