Attention bloggers! If you have a blog that runs Movable Type software there is a critical update that you need to install immediately.
Today we released a mandatory security update for Movable Type and Movable Type Enterprise to resolve a number of cross-site scripting vulnerabilities. To make updating your system easier, we are providing patch distributions for Movable Type versions 3.32 and Movable Type 3.2 containing only the files which have changed.
As one of the first to report this issue (which Movable Type maker Six Apart was already working to resolve), I can assure you of its seriousness. Six Apart has asked that I (and others) sit on the details of the vulnerabilities for a few days until their customers have a chance to apply the patch or upgrade. It’s important to note that versions prior to version 3.2 are, in certain instances, vulnerable and upgrading to the latest version is strongly recommended.