CVE-2022-45113

Published Dec 7, 2022

Last updated 2 years ago

CVSS medium 6.5

Overview

Description: Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EBDEEB4-E2A9-4D7B-AAFF-8657E9708A24",
            "versionEndIncluding": "1.53"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A3C1F5D-755D-4FC4-975D-314C602BE0D4",
            "versionEndIncluding": "1.53"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9375A34-27A6-4597-8F7B-14BF40DC8B7E",
            "versionEndExcluding": "6.8.7",
            "versionStartIncluding": "6.0"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B43BD207-E293-4617-B1C7-5EE7F095BFDE",
            "versionEndExcluding": "6.8.7",
            "versionStartIncluding": "6.0"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EBB4183-9E9B-4686-9692-0223FAA34019",
            "versionEndExcluding": "7.9.6",
            "versionStartIncluding": "7.0"
          },
          {
            "criteria": "cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "123C8E47-C983-401D-A081-033E94E112D0",
            "versionEndExcluding": "7.9.6",
            "versionStartIncluding": "7.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References