Candidate: CVE-2014-0977
PublicDate: 2014-01-10 17:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0977
Description:
 Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable
 Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1
 allows remote attackers to inject arbitrary web script or HTML via
 unspecified vectors.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734304
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_movabletype-opensource:
 vendor: http://www.debian.org/security/2014/dsa-2841
upstream_movabletype-opensource: released (5.2.9+dfsg-1)
lucid_movabletype-opensource: ignored (reached end-of-life)
precise_movabletype-opensource: ignored (reached end-of-life)
precise/esm_movabletype-opensource: DNE (precise was needed)
quantal_movabletype-opensource: ignored (reached end-of-life)
raring_movabletype-opensource: ignored (reached end-of-life)
saucy_movabletype-opensource: ignored (reached end-of-life)
trusty_movabletype-opensource: not-affected (5.2.9+dfsg-1)
trusty/esm_movabletype-opensource: DNE (trusty was not-affected [5.2.9+dfsg-1])
utopic_movabletype-opensource: not-affected (5.2.9+dfsg-1)
vivid_movabletype-opensource: DNE
vivid/stable-phone-overlay_movabletype-opensource: DNE
vivid/ubuntu-core_movabletype-opensource: DNE
wily_movabletype-opensource: DNE
xenial_movabletype-opensource: DNE
yakkety_movabletype-opensource: DNE
zesty_movabletype-opensource: DNE
devel_movabletype-opensource: DNE