Vendor coverage
Track published CVEs, severity trends, and remediation context for ark-web products.
Search results
Showing 1-5 of 5 vulnerabilities.
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script.
CVSS
6.1
MEDIUM
Published
Sep 12, 2022
SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.
CVSS
9.8
CRITICAL
Published
Dec 1, 2017
SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.
CVSS
9.8
CRITICAL
Published
Dec 1, 2017
Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobile before 3.1 plug-ins for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-2676.
CVSS
4.3
UNKNOWN
Published
Nov 3, 2011
The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors.
CVSS
5.5
UNKNOWN
Published
Nov 3, 2011
