CVE-2008-5845

CVE Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	4.3		AV:N/AC:M/Au:N/C:N/I:P/A:N	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	1.14%	–	–
2022-02-13	–	–	1.14%	–	–
2022-04-03	–	–	1.14%	–	–
2022-04-24	–	–	1.14%	–	–
2022-07-17	–	–	1.14%	–	–
2022-11-13	–	–	1.14%	–	–
2022-11-20	–	–	1.14%	–	–
2022-12-04	–	–	1.14%	–	–
2023-03-12	–	–	–	0.19%	–
2023-05-14	–	–	–	0.19%	–
2023-09-17	–	–	–	0.19%	–
2024-02-11	–	–	–	0.19%	–
2024-05-12	–	–	–	0.19%	–
2024-06-02	–	–	–	0.19%	–
2024-10-27	–	–	–	0.19%	–
2024-12-22	–	–	–	0.19%	–
2025-02-16	–	–	–	0.19%	–
2025-01-19	–	–	–	0.19%	–
2025-02-16	–	–	–	0.19%	–
2025-03-18	–	–	–	–	0.25%
2025-03-30	–	–	–	–	0.25%
2025-04-15	–	–	–	–	0.25%
2025-04-15	–	–	–	–	0.25,%

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Date	Percentile
2022-02-06	34%
2022-02-13	35%
2022-04-03	56%
2022-04-24	57%
2022-07-17	58%
2022-11-13	59%
2022-11-20	58%
2022-12-04	59%
2023-03-12	55%
2023-05-14	56%
2023-09-17	57%
2024-02-11	56%
2024-05-12	56%
2024-06-02	57%
2024-10-27	58%
2024-12-22	57%
2025-02-16	58%
2025-01-19	57%
2025-02-16	58%
2025-03-18	47%
2025-03-30	46%
2025-04-15	49%
2025-04-15	49%

Products Mentioned

Configuraton 0

Sixapart>>Movable_type >> Version To (including) 4.21

Sixapart>>Movable_type >> Version - (Open CPE detail)
Sixapart>>Movable_type >> Version 1.0 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.1 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.3 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.4 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.11 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.11 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.21 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.21 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.22 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.22 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.23 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.23 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.24 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.24 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.25 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.25 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.26 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.26 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.26 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.27 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.27 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.28 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.28 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.29 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.29 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.29 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.30 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.30 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.31 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.31 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.31 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.32 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.32 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.33 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.33 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.34 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.34 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.35 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.35 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.36 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.36 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.37 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.37 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.38 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.38 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.39 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.39 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.40 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.40 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.41 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.41 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.42 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.42 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.43 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.43 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.44 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.44 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.45 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.45 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.46 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.46 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.47 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.52 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.53 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.53 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.59 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.59 (Open CPE detail)
Sixapart>>Movable_type >> Version 1.59 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.0 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.1 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.5 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.6 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.11 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.21 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.51 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.61 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.62 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.63 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.64 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.65 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.66 (Open CPE detail)
Sixapart>>Movable_type >> Version 2.661 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.0d (Open CPE detail)
Sixapart>>Movable_type >> Version 3.1 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.01d (Open CPE detail)
Sixapart>>Movable_type >> Version 3.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.11 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.12 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.14 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.15 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.16 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.17 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.31 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.32 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.33 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.34 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.35 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.36 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.37 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.38 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.0 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.0 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.0 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.0 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.0 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.0 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.0 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.0 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.0 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.0 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.0 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.01 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.1 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.01 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.1 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.01 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.1 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.01 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.1 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.01a (Open CPE detail)
Sixapart>>Movable_type >> Version 4.01b (Open CPE detail)
Sixapart>>Movable_type >> Version 4.01c (Open CPE detail)
Sixapart>>Movable_type >> Version 4.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.3 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.12 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.13 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.14 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.15 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.15 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.15 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.21 (Open CPE detail)

Sixapart>>Movable_type >> Version 3.0d

Sixapart>>Movable_type >> Version 3.0d (Open CPE detail)

Sixapart>>Movable_type >> Version 3.1

Sixapart>>Movable_type >> Version 3.1 (Open CPE detail)

Sixapart>>Movable_type >> Version 3.01d

Sixapart>>Movable_type >> Version 3.01d (Open CPE detail)

Sixapart>>Movable_type >> Version 3.2

Sixapart>>Movable_type >> Version 3.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 3.2 (Open CPE detail)

Sixapart>>Movable_type >> Version 3.3

Sixapart>>Movable_type >> Version 3.11

Sixapart>>Movable_type >> Version 3.11 (Open CPE detail)

Sixapart>>Movable_type >> Version 3.12

Sixapart>>Movable_type >> Version 3.12 (Open CPE detail)

Sixapart>>Movable_type >> Version 3.14

Sixapart>>Movable_type >> Version 3.14 (Open CPE detail)

Sixapart>>Movable_type >> Version 3.15

Sixapart>>Movable_type >> Version 3.15 (Open CPE detail)

Sixapart>>Movable_type >> Version 3.16

Sixapart>>Movable_type >> Version 3.16 (Open CPE detail)

Sixapart>>Movable_type >> Version 3.17

Sixapart>>Movable_type >> Version 3.17 (Open CPE detail)

Sixapart>>Movable_type >> Version 3.32

Sixapart>>Movable_type >> Version 3.32 (Open CPE detail)

Sixapart>>Movable_type >> Version 3.33

Sixapart>>Movable_type >> Version 3.33 (Open CPE detail)

Sixapart>>Movable_type >> Version 3.34

Sixapart>>Movable_type >> Version 3.34 (Open CPE detail)

Sixapart>>Movable_type >> Version 3.35

Sixapart>>Movable_type >> Version 3.35 (Open CPE detail)

Sixapart>>Movable_type >> Version 4.2

Sixapart>>Movable_type >> Version 4.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.2 (Open CPE detail)
Sixapart>>Movable_type >> Version 4.2 (Open CPE detail)

References

http://jvn.jp/en/jp/JVN45658190/index.html
Tags : third-party-advisory, x_refsource_JVN

http://www.movabletype.org/mt_423_change_log.html
Tags : x_refsource_CONFIRM

http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000031.html
Tags : third-party-advisory, x_refsource_JVNDB

CVE-2008-5845 : Detail