Candidate: CVE-2012-1262
PublicDate: 2012-03-03 04:04:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1262
 https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt
 http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html
Description:
 Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in
 Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the
 product is incompletely installed, allows remote attackers to inject
 arbitrary web script or HTML via the dbuser parameter, a different
 vulnerability than CVE-2012-0318.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_movabletype-opensource:
upstream_movabletype-opensource: released (4.3.8)
hardy_movabletype-opensource: DNE
lucid_movabletype-opensource: ignored (reached end-of-life)
maverick_movabletype-opensource: ignored (reached end-of-life)
natty_movabletype-opensource: ignored (reached end-of-life)
oneiric_movabletype-opensource: ignored (reached end-of-life)
precise_movabletype-opensource: ignored (reached end-of-life)
precise/esm_movabletype-opensource: DNE (precise was needed)
quantal_movabletype-opensource: not-affected (5.1.4+dfsg-1)
raring_movabletype-opensource: not-affected (5.1.4+dfsg-1)
saucy_movabletype-opensource: not-affected (5.1.4+dfsg-1)
trusty_movabletype-opensource: not-affected (5.1.4+dfsg-1)
trusty/esm_movabletype-opensource: DNE (trusty was not-affected [5.1.4+dfsg-1])
utopic_movabletype-opensource: not-affected (5.1.4+dfsg-1)
vivid_movabletype-opensource: DNE
vivid/stable-phone-overlay_movabletype-opensource: DNE
vivid/ubuntu-core_movabletype-opensource: DNE
wily_movabletype-opensource: DNE
xenial_movabletype-opensource: DNE
yakkety_movabletype-opensource: DNE
zesty_movabletype-opensource: DNE
devel_movabletype-opensource: DNE