CVE-2014-0977

N/A Unknown

Published: January 10, 2014 Modified: April 29, 2026

Description

Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734304

Source: security@debian.org

http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html

Source: security@debian.org

Vendor Advisory

http://seclists.org/oss-sec/2014/q1/24

Source: security@debian.org

http://seclists.org/oss-sec/2014/q1/36

Source: security@debian.org

http://secunia.com/advisories/56295

Source: security@debian.org

Vendor Advisory

http://secunia.com/advisories/56405

Source: security@debian.org

http://www.debian.org/security/2014/dsa-2841

Source: security@debian.org

http://www.securityfocus.com/bid/64657

Source: security@debian.org

http://www.securitytracker.com/id/1029588

Source: security@debian.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/90095

Source: security@debian.org

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734304