Lucene search
HistoryOct 25, 2005 - 4:00 a.m.
CVE-2004-2525
cve-2004-2525
cross-site scripting
xss
serendipity
web security
vulnerability
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.1%
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.
Affected configurations
Node
s9yserendipityMatch0.3
ORs9yserendipityMatch0.4
ORs9yserendipityMatch0.5
ORs9yserendipityMatch0.5_pl1
ORs9yserendipityMatch0.6
ORs9yserendipityMatch0.6_pl1
ORs9yserendipityMatch0.6_pl2
ORs9yserendipityMatch0.6_pl3
ORs9yserendipityMatch0.6_rc1
ORs9yserendipityMatch0.6_rc2
ORs9yserendipityMatch0.7
ORs9yserendipityMatch0.7_beta1
ORs9yserendipityMatch0.7_beta2
ORs9yserendipityMatch0.7_beta3
ORs9yserendipityMatch0.7_beta4
ORs9yserendipityMatch0.7_rc1
Related
nvd
nvd
CVE-2004-2525
2004-12-31 05:00:00
openvas
openvas
Serendipity XSS Flaw
2005-11-03 00:00:00
Serendipity XSS Flaw
2005-11-03 00:00:00
nessus
nessus
Serendipity compat.php searchTerm Parameter XSS
2004-12-06 00:00:00
cvelist
cvelist
CVE-2004-2525
2005-10-25 04:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.1%
Related for CVE-2004-2525