Vulnerability Description
Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobile before 3.1 plug-ins for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-2676.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ark-Web | A-Form Pc | <= 3.0 |
| Ark-Web | A-Form Pc Mobile | <= 3.0 |
| Sixapart | Movabletype | All versions |
Related Weaknesses (CWE)
References
- http://www.ark-web.jp/movabletype/a-form/docs/security_patch.htmlPatch
- http://www.ark-web.jp/movabletype/blog/2011/09/aform_update110927.htmlPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70405
- http://www.ark-web.jp/movabletype/a-form/docs/security_patch.htmlPatch
- http://www.ark-web.jp/movabletype/blog/2011/09/aform_update110927.htmlPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70405
FAQ
What is CVE-2011-4274?
CVE-2011-4274 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobile before 3.1 plug-ins for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a d...
How severe is CVE-2011-4274?
CVE-2011-4274 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4274?
Check the references section above for vendor advisories and patch information. Affected products include: Ark-Web A-Form Pc, Ark-Web A-Form Pc Mobile, Sixapart Movabletype.