RETIRED: Movable Type A-Form Plugins Cross Site Scripting and Unspecified Security Vulnerabilities

Movable Types A-Form plugins are prone to a cross-site scripting vulnerability and an unspecified security vulnerability.

Attackers can leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected application. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Attackers can exploit the unspecified issue to read or modify content.

The following versions are vulnerable:

A-Form and A-Form Bamboo versions prior to 1.3.6 are vulnerable.
A-Form and A-Form Bamboo versions prior to 2.0.3 are vulnerable.
A-Form PC and A-Form PC/Mobile versions prior to 3.1 are vulnerable.

This BID is being retired. The issues are already documented in BID 50005 (Multiple A-Form Products Cross Site Scripting and Security Bypass Vulnerabilities).


Privacy Statement
Copyright 2010, SecurityFocus