Hi, Movable Type 4.38 has been released few weeks ago, fixing a security issue in the upgrade page.
More information can be found at [1] but basically it looks like missing input sanitation on the mt-upgrade.cgi page. As far as I can tell, no CVE has been allocated yet, could someone allocate one? Regards, [1]: http://www.movabletype.org/2013/01/movable_type_438_patch.html -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part
