Vulnerability discovery and development:
Portcullis Security Testing Services.
Credit for Discovery:
Tim Brown – Portcullis Computer Security Ltd.
All known versions of Movable Type, the vulnerability was discovered for version 3.16.
An attacker could use this to execute malicious code on visitors computers.
Exploit code is not required.