CVE Tools

six apart ltd.

Web & CMS PluginsUScommercial

8

Cumulative CVEs

1

Monthly snapshots

#82

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting six apart ltd..

CVE-2026-44392Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be execu...4.3May 20, 2026
CVE-2026-25776Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script.9.8Apr 8, 2026
CVE-2026-33088Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement.9.8Apr 8, 2026
CVE-2026-24447If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embe...6.5Feb 4, 2026
CVE-2026-23704A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable ...6.5Feb 4, 2026
CVE-2026-22875Movable Type contains a stored cross-site scripting vulnerability in Export Sites. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Not...5.4Feb 4, 2026
CVE-2026-21393Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Not...5.4Feb 4, 2026
CVE-2025-62499Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbi...4.8Oct 23, 2025
CVE-2025-54856Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script ma...4.8Oct 23, 2025
CVE-2025-55706URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may l...4.3Aug 20, 2025
CVE-2025-53522Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker.5.3Aug 20, 2025
CVE-2025-24841Movable Type contains a stored cross-site scripting vulnerability in the HTML edit mode of MT Block Editor. It is exploitable when TinyMCE6 is used as a rich text editor and an arbitrary script may...5.4Feb 19, 2025
CVE-2025-25054Movable Type contains a reflected cross-site scripting vulnerability in the user information edit page. When Multi-Factor authentication plugin is enabled and a user accesses a crafted page while l...6.1Feb 19, 2025
CVE-2025-22888Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. If exploited, an arbitrary script may be executed on a logged-in user's web browser.5.4Feb 19, 2025
CVE-2023-45746Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and ...5.4Oct 30, 2023