CVE-2022-45113

Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium_advanced:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*

History

12 Dec 2022, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-12-07 04:15

Updated : 2024-02-04 23:14


NVD link : CVE-2022-45113

Mitre link : CVE-2022-45113

CVE.ORG link : CVE-2022-45113


JSON object : View

Products Affected

sixapart

  • movable_type
CWE
CWE-20

Improper Input Validation