Six Apart CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (26 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2003-0287	1 Six Apart	1 Movable Type	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
CVE-2025-54856	1 Six Apart	1 Movable Type	2026-04-15	N/A
Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page.
CVE-2025-62499	1 Six Apart	1 Movable Type	2026-04-15	N/A
Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit CategorySet of ContentType page.
CVE-2012-2644	2 Hazama, Six Apart	2 Mt4i, Movable Type	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642.
CVE-2012-2642	2 Hazama, Six Apart	2 Mt4i, Movable Type	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2644.
CVE-2011-2676	2 Ark-web, Six Apart	5 A-form, A-form Bamboo, A-form Pc and 2 more	2025-04-11	N/A
The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors.

« first previous Page 2 of 2.