Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/90095
http://www.securitytracker.com/id/1029588
http://www.securityfocus.com/bid/64657
http://www.debian.org/security/2014/dsa-2841
http://secunia.com/advisories/56405
http://secunia.com/advisories/56295
http://seclists.org/oss-sec/2014/q1/36