[Description]
MT (Movable Type) is blog software.
MT has an XSS filter to remove scripts from user input,
but there are ways to evade the filter using malformed input.
[Affected]
Movable Type <= 3.33
[Exploit]
By default, blog readers are allowed to post comments
containing HTML tags.
Attac...