{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T13:49:40.191","vulnerabilities":[{"cve":{"id":"CVE-2007-0231","sourceIdentifier":"cve@mitre.org","published":"2007-01-13T02:28:00.000","lastModified":"2026-06-16T22:35:10.133","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field."},{"lang":"es","value":"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Movable Type (MT) 3.33, cuando nofollow está desactivado y comentarios sin moderación activado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo Comments."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:six_apart:movable_type:3.33:*:*:*:*:*:*:*","matchCriteriaId":"B584BED2-F630-4A5B-8FE9-29BBE9517214"}]}]}],"references":[{"url":"http://golem.ph.utexas.edu/~distler/blog/archives/001102.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://osvdb.org/32717","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/23669","source":"cve@mitre.org"},{"url":"http://www.vupen.com/english/advisories/2007/0142","source":"cve@mitre.org"},{"url":"http://www.zackvision.com/weblog/2007/01/movabletype-security-bug.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://golem.ph.utexas.edu/~distler/blog/archives/001102.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://osvdb.org/32717","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/23669","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2007/0142","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.zackvision.com/weblog/2007/01/movabletype-security-bug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}