Serendipity XSS Flaw Network Vulnerability

Summary

The remote version of Serendipity is vulnerable to cross-site scripting attacks due to a lack of sanity checks on the 'searchTerm' parameter in the 'compat.php' script. With a specially crafted URL, an attacker can cause arbitrary code execution in a user's browser resulting in a loss of integrity.

Solution

Upgrade to Serendipity 0.7.1 or newer.

References

http://sourceforge.net/tracker/index.php?func=detail&aid=1076762&group_id=75065&atid=542822

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-2525

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
Apache Struts Directory Traversal Vulnerability
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
Apache Tomcat TroubleShooter Servlet Installed
Afian 'includer.php' Directory Traversal Vulnerability

Take action and discover your vulnerabilities