Security Advisory

CVE-2025-24841

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-19 05:52:15

Last updated 2025-02-19 14:52:41

Assigner jpcert

State PUBLISHED

Description

Movable Type contains a stored cross-site scripting vulnerability in the HTML edit mode of MT Block Editor. It is exploitable when TinyMCE6 is used as a rich text editor and an arbitrary script may be executed on a logged-in users web browser.

← Browse all CVEs View on cve.org ↗