Debian Security Advisory
DSA-2841-1 movabletype-opensource -- cross-site scripting
- Date Reported:
- 11 Jan 2014
- Affected Packages:
- movabletype-opensource
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 734304.
In Mitre's CVE dictionary: CVE-2014-0977. - More information:
-
A cross-site scripting vulnerability was discovered in the rich text editor of the Movable Type blogging engine.
For the oldstable distribution (squeeze), this problem has been fixed in version 4.3.8+dfsg-0+squeeze4.
For the stable distribution (wheezy), this problem has been fixed in version 5.1.4+dfsg-4+deb7u1.
For the unstable distribution (sid), this problem has been fixed in version 5.2.9+dfsg-1.
We recommend that you upgrade your movabletype-opensource packages.