CVE-2025-24841
NONE EPSS 10.9%
Published Feb 19, 20251y ago · Modified Jun 17, 20262w ago
Published Feb 19, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
Movable Type contains a stored cross-site scripting vulnerability in the HTML edit mode of MT Block Editor. It is exploitable when TinyMCE6 is used as a rich text editor and an arbitrary script may be executed on a logged-in user's web browser.
Threat Intelligence
EPSS Exploit Probability
10.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
References 2
- jvn.jp https://jvn.jp/en/jp/JVN48742353/
- movabletype.org https://www.movabletype.org/news/2025/02/mt-842-released.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.