Movable Type Documentation

Chapter H: Changelog

3.33 (2006.09.26)

Release notes - Movable Type 3.33

39376: MT::App XSS vulnerability on '__mode' parameter

FIXED: Fixed an XSS vulnerability in MT::App which allowed an attacker to include malicious JavaScript in the __mode parameter value of a URL.

39121: MT-Search `IncludeBlogs` XSS vulnerability

FIXED: Fixed an XSS vulnerability in mt-search.cgi which allowed an attacker to include malicious JavaScript in the IncludeBlogs parameter value.

39381: Activity log search query metadata XSS vulnerability

FIXED: Fixed an XSS vulnerability in mt-search.cgi in which malicious script data from searches would be displayed and executed in the Activity Log.

39488: Sanitization of activity log metadata

FIXED: Implemented protection from previous XSS attacks against the MT activity log by retroactively sanitizing log metadata.

38666: Comment preview XSS vulnerability

FIXED: Fixed an XSS vulnerability in mt-comments.cgi in which malicious script content was not properly sanitized in comment preview.

39460: MT Newsbox/NewsboxURL source XSS vulnerability

FIXED: Implemented sanitization of content from the MT Newsbox (or customized NewsboxURL) to prevent XSS attacks injected into the NewsboxURL source.

39439: Feeds.app Lite XSS vulnerability with unsanitized feeds

FIXED: Fixed an XSS vulnerability in Feeds.app Lite in which malicious script data was not properly sanitized in incoming feed subscriptions.
