Vulnerability ID: JVNDB-2009-000020

Vulnerability Type: Movable Type cross-site scripting vulnerability

Affected Software:
- Movable Type 4.24 (includes Professional and Community Packs)
- Movable Type (commercial) 4.24 (includes Professional Pack)
- Movable Type (enterprise) 4.24
- Movable Type 4.24 (Open Source)
- Movable Type 4.25 (updated from Movable Type 4.24 - includes Professional and Community Packs)
- Movable Type 4.25 (updated from Movable Type 4.24 Enterprise)

Vulnerability Impact: An arbitrary script may be executed on the user's web browser.

Solution: Update to the latest version according to the information provided by the vendor. Note that the initialization of "global templates" may be required for some packages.

CVSS Severity: 4.3 (Medium)

CVSS Base Metrics:
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None

References:
- JVN: JVN#97248625
- NVD: CVE-2009-2480
- Secunia Advisory: SA35534
- SecurityFocus: 35471
- ISS X-Force Database: 51329
- VUPEN Security: VUPEN/ADV-2009-1668