FreeBSD 9C133AA0-12BD-11DD-BAB7-0016179B2DD5
Apr 22, 2008 - 12:00 a.m.

serendipity -- multiple cross site scripting vulnerabilities

2008-04-22 00:00:00
vuxml.freebsd.org

CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
CVSS2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.006 Low
Percentile: 77.9%

Hanno Boeck reports:

The installer of serendipity 1.3 has various Cross Site Scripting
issues. This is considered low priority, as attack scenarios are
very unlikely.
Various path fields are not escaped properly, thus filling them
with javascript code will lead to XSS. MySQL error messages are not
escaped, thus the database host field can also be filled with
javascript.

In the referrer plugin of the blog application serendipity,
the referrer string is not escaped, thus leading to a permanent
XSS.
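
The referrer-plugin flaw described in the report above, as an added example (a Python model written for this page, not Serendipity's PHP code): stored Referer strings rendered unescaped versus escaped on output. It goes slightly beyond the report by also refusing to turn non-http(s) referrers into links; all function names and sample values are constructed.

```python
import html
from urllib.parse import urlsplit

# Constructed Referer header values, as a referrer-tracking plugin might store them.
SAMPLE_REFERRERS = [
    "https://example.org/blog/post?id=1&lang=en",
    '"><script>alert(1)</script>',
    "javascript:alert(1)",
]


def render_unsafe(referrers):
    """Models the reported flaw: stored strings are placed into HTML unescaped."""
    items = "".join(f'<li><a href="{r}">{r}</a></li>' for r in referrers)
    return f"<ul>{items}</ul>"


def is_http_url(value):
    """Accept only absolute http(s) URLs that carry a host."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def render_safe(referrers):
    """Escape on output; only http(s) referrers are rendered as links."""
    rows = []
    for r in referrers:
        # Escapes & < > " ' so the value is inert in text and attribute context.
        text = html.escape(r, quote=True)
        if is_http_url(r):
            rows.append(f'<li><a href="{text}" rel="nofollow noopener">{text}</a></li>')
        else:
            # Anything else (markup, javascript: URLs) is shown as plain text only.
            rows.append(f"<li>{text}</li>")
    return "<ul>" + "".join(rows) + "</ul>"


if __name__ == "__main__":
    print(render_unsafe(SAMPLE_REFERRERS))
    print(render_safe(SAMPLE_REFERRERS))
```

Because the referrer is stored and shown to every later visitor, the escaping has to happen where the value is written into the page, not only where it is received.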

OS        OS Version   Architecture   Package             Package Version   Filename
FreeBSD   any          noarch         serendipity         < 1.3.1           UNKNOWN
FreeBSD   any          noarch         serendipity-devel   < 200804242342    UNKNOWN
