CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.006 Low
Percentile: 77.9%

Hanno Boeck reports:

The installer of serendipity 1.3 has various Cross Site Scripting
issues. This is considered low priority, as attack scenarios are
very unlikely.

Various path fields are not escaped properly, thus filling them
with javascript code will lead to XSS. MySQL error messages are not
escaped, thus the database host field can also be filled with
javascript.

In the referrer plugin of the blog application serendipity,
the referrer string is not escaped, thus leading to a permanent
XSS.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | serendipity | < 1.3.1 | UNKNOWN |
FreeBSD | any | noarch | serendipity-devel | < 200804242342 | UNKNOWN |
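
The output escaping the report above describes as missing, shown as an added example. It is not Serendipity's code and not part of the advisory. The helper names (`h`, `render_referrers`, `render_db_error`) and all sample values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Escape untrusted text for an HTML element body or a quoted attribute value.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render stored Referer header values as a list (hypothetical helper).
// The values come from visitors' requests, so they are escaped on every output.
function render_referrers(array $referrers): string
{
    $out = "<ul>\n";
    foreach ($referrers as $ref) {
        $ref = (string) $ref;
        $scheme = strtolower((string) parse_url($ref, PHP_URL_SCHEME));
        if ($scheme === 'http' || $scheme === 'https') {
            // HTML escaping does not neutralise a javascript: URL inside href,
            // so only http(s) values are turned into links.
            $out .= '  <li><a rel="nofollow noopener" href="' . h($ref) . '">'
                  . h($ref) . "</a></li>\n";
        } else {
            // Anything else is shown as inert text.
            $out .= '  <li>' . h($ref) . "</li>\n";
        }
    }
    return $out . "</ul>\n";
}

// Installer-style error output (hypothetical helper). A database driver's
// error message can echo the host name the user typed into the form.
function render_db_error(string $driverMessage): string
{
    return '<div class="error">Database connection failed: '
         . h($driverMessage) . "</div>\n";
}

// Constructed sample inputs.
$referrers = [
    'https://example.org/post?id=1&ref=2',
    '"><script>alert(1)</script>',
    'javascript:alert(1)',
];
echo render_referrers($referrers);
echo render_db_error("Unknown MySQL server host '<script>alert(1)</script>' (2)");
```

Only the first sample becomes a link; the other two, and the host name echoed in the error message, are emitted as escaped text.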