Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. If exploited, an arbitrary script may be executed on a logged-in user's web browser.