Global Timing Differences?
According to a security bulletin just released by Secunia, MT installations with versions 3.3, 3.31 and 3.32 are vulnerable to a cross site scripting attack. This info was obtained from a Japanese researcher, and while the Japanese Sixapart site refers to this issue and seems to offer a patched version 3.33, the Sixapart.com site mentions nothing (yet) at the time of this post.
Unfortunately, my Japanese is not as good as to know what has been released and what patches/updates are available. If anyone could translate, please do so and leave some feedback!
Update : Movable Type 3.33/MT Enterprise 1.03 released
Posted by ServMe at September 26, 2006 6:13 PM
| Security Alert | Tagged : exploits, patches, technology, vulnerabilities |