Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the administrative page, a different vulnerability than CVE-2008-4079.
https://exchange.xforce.ibmcloud.com/vulnerabilities/45968
http://www.sixapart.jp/movabletype/news/2008/10/15-1400.html
http://www.securityfocus.com/bid/31826
http://secunia.com/advisories/32305