CVE-2012-0317

high

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.

References

http://www.securitytracker.com/id?1026738

http://www.securityfocus.com/bid/52138

http://www.movabletype.org/documentation/appendices/release-notes/513.html

http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

http://www.debian.org/security/2012/dsa-2423

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015

http://jvn.jp/en/jp/JVN70683217/index.html

Details

Source: Mitre, NVD

Published: 2012-03-03

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High