RETIRED: Movable Type A-Form Plugins Cross Site Scripting and Unspecified Security Vulnerabilities
Movable Types A-Form plugins are prone to a cross-site scripting vulnerability and an unspecified security vulnerability.
Attackers can leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected application. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Attackers can exploit the unspecified issue to read or modify content.
The following versions are vulnerable:
A-Form and A-Form Bamboo versions prior to 1.3.6 are vulnerable.
A-Form and A-Form Bamboo versions prior to 2.0.3 are vulnerable.
A-Form PC and A-Form PC/Mobile versions prior to 3.1 are vulnerable.
This BID is being retired. The issues are already documented in BID 50005 (Multiple A-Form Products Cross Site Scripting and Security Bypass Vulnerabilities).