CVE-2025-25054 | Six Apart Movable Type Multi-Factor Authentication Plugin cross site scripting

Inserito da Angelo Barbosa | Feb 19, 2025 | CVE

A vulnerability was found in Six Apart Movable Type, Movable Type Advanced, Movable Type Premium, Movable Type Cloud Edition and Movable Type Premium Cloud Edition. It has been classified as problematic. Affected is an unknown function of the component Multi-Factor Authentication Plugin. The manipulation leads to cross site scripting.

This vulnerability is traded as CVE-2025-25054. It is possible to launch the attack remotely. There is no exploit available.

CVE-2025-25054 | Six Apart Movable Type Multi-Factor Authentication Plugin cross site scripting

Post correlati

CVE-2024-51668 | Mark Tilly MyCurator Content Curation Plugin up to 3.78 on WordPress cross site scripting

CVE-2023-33201 | Oracle Utilties Application Framework up to 4.5.0.1.3 General information disclosure

CVE-2024-13370 | Youzify Plugin up to 1.3.2 on WordPress save_addon_key_license authorization

CVE-2023-51804 | rymcu forest 0.02 HTTP Body URL com.rymcu.forest.web.api.common.UploadController information disclosure (Issue 149)