[Secure-testing-team] Bug#627936: movabletype-opensource: Unspecified security vulnerabilities fixed in 4.36
Dominic Hargreaves
dom at earth.li
Wed May 25 17:21:13 UTC 2011
Package: movabletype-opensource
Version: 4.3.5+dfsg-3
Severity: grave
Tags: security
Justification: user security hole
As reported in
<http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html>
Quote:
"A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances."
More information about the Secure-testing-team
mailing list