Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-38972

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script.

Published

2022-09-12T02:15:07.807

Last Modified

2024-11-21T07:17:17.427

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ark-web	a-form	< 3.9.1	Yes
Application	ark-web	a-form	< 4.1.1	Yes

References

https://jvn.jp/en/jp/JVN48120704/index.html Third Party Advisory ([email protected])
https://www.ark-web.jp/blog/archives/2022/09/a-series-411-391.html Vendor Advisory ([email protected])
https://www.ark-web.jp/movabletype/blog/2022/09/a-series-411-391.html Vendor Advisory ([email protected])
https://jvn.jp/en/jp/JVN48120704/index.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ark-web.jp/blog/archives/2022/09/a-series-411-391.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ark-web.jp/movabletype/blog/2022/09/a-series-411-391.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)