Movable Type 5.04 and Movable Type 4.35 were released today. These are mandatory security updates for all users. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x.
A remote attacker could execute arbitrary code in a logged-in users' web browser. A remote attacker could read or modify the contents in the system under certain circumstances.
Please upgrade to the latest versions of Movable Type 4 or Movable Type 5.