CVE-2022-38972

Publication date

2022-09-12 01:50:14

Family

jpcert

State

PUBLISHED

Description

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script.