Vulnerability Description
Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Six Apart | Movable Type | <= 2.6 |
References
- http://marc.info/?l=bugtraq&m=105276879622636&w=2
- http://marc.info/?l=bugtraq&m=105277690132079&w=2
- http://marc.info/?l=bugtraq&m=105284589927655&w=2
- http://www.securityfocus.com/bid/7560
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12003
FAQ
What is CVE-2003-0287?
CVE-2003-0287 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, po...
How severe is CVE-2003-0287?
CVE-2003-0287 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-0287?
Check the references section above for vendor advisories and patch information. Affected products include: Six Apart Movable Type.