Security Advisory

CVE-2026-21393

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-04 07:02:50

Last updated 2026-02-04 16:08:26

Assigner jpcert

State PUBLISHED

Description

Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in users web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well.

← Browse all CVEs View on cve.org ↗