Security Advisory 06 – 036 – A potential phishing attack via the comments mechanism
Vulnerability discovery and development:
Portcullis Security Testing Services.
Credit for Discovery:
Tim Brown – Portcullis Computer Security Ltd.
All known versions of Movable Type, the vulnerability was discovered for version 3.16.
By forwarding this URL, which may be seen as trusted an attacker may be able to lure its recipients to a malicous site of their creation.
Exploit code is not required.