Candidate: CVE-2008-5845
PublicDate: 2009-01-05 20:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5845
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable
 Type (MT) before 4.23 allow remote attackers to inject arbitrary web script
 or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3)
 MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View
 template; a (5) listing screen or (6) edit screen in the CMS app; (7) a
 TrackBack title, related to the HTML sanitization library; or (8) a user
 archive name (aka archive title) on a published Community Blog template.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_movabletype-opensource:
upstream_movabletype-opensource: released (4.2.3)
dapper_movabletype-opensource: DNE
gutsy_movabletype-opensource: DNE
hardy_movabletype-opensource: DNE
intrepid_movabletype-opensource: needed (reached end-of-life)
jaunty_movabletype-opensource: not-affected (4.2.3-1)
karmic_movabletype-opensource: not-affected (4.2.3-1)
devel_movabletype-opensource: not-affected (4.2.3-1)