{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T03:06:55.503","vulnerabilities":[{"cve":{"id":"CVE-2021-20665","sourceIdentifier":"vultures@jpcert.or.jp","published":"2021-03-05T10:15:12.847","lastModified":"2024-11-21T05:46:58.337","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."},{"lang":"es","value":"Una vulnerabilidad de tipo cross-site scripting en la pantalla de activo Add del campo Contents de Movable Type 7 r.4705 y anteriores (Movable Type 7 Series), Movable Type Advanced 7 r.4705 y anteriores (Movable Type Advanced 7 Series), Movable Type Premium versiones 1.39 y anteriores, y Movable Type Premium Advanced versiones 1.39 y anteriores, permiten a atacantes remotos inyectar un script arbitrario por medio de vectores no especificados"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:movabletype:movable_type:*:*:*:*:*:*:*:*","versionEndIncluding":"7.4705","matchCriteriaId":"A4E348C5-DD83-420E-B3ED-255BA0B63EAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:movabletype:movable_type_advanced:*:*:*:*:*:*:*:*","versionEndIncluding":"7.4705","matchCriteriaId":"00880E0E-D684-4CEB-8456-0974C050C57A"},{"vulnerable":true,"criteria":"cpe:2.3:a:movabletype:movable_type_premium:*:*:*:*:*:*:*:*","versionEndIncluding":"1.39","matchCriteriaId":"00701C5D-F374-4FE2-8617-9EE8708308C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:movabletype:movable_type_premium_advanced:*:*:*:*:*:*:*:*","versionEndIncluding":"1.39","matchCriteriaId":"F76DB403-8212-43C2-B82D-C045306F3C69"}]}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN66542874/index.html","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory"]},{"url":"https://movabletype.org/news/2021/02/mt-760-676-released.html","source":"vultures@jpcert.or.jp","tags":["Release Notes","Vendor Advisory"]},{"url":"https://jvn.jp/en/jp/JVN66542874/index.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://movabletype.org/news/2021/02/mt-760-676-released.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}}]}