Movable Type Multiple Input Validation Vulnerabilities And User Enumeration Weakness

Movable Type Multiple Input Validation Vulnerabilities And User Enumeration Weakness

Movable Type is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. It is also prone to a username-enumeration weakness.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, cause arbitrary script code to run within the context of the webserver process that is hosting the affected software, and compromise the availability and integrity of a computer to ultimately gain remote unauthorized access by overwriting sensitive files (such as the password file).

Movable Type 3.16 is affected; other versions may also be vulnerable.