Serendipity -- XSS Vulnerabilities

ID 96ED277B-60E0-11DB-AD2D-0016179B2DD5
Type freebsd
Reporter FreeBSD
Modified 2006-10-19T00:00:00


The Serendipity Team reports:

Serendipity failed to correctly sanitize user input on the media manager administration page. The content of GET variables were written into JavaScript strings. By using standard string evasion techniques it was possible to execute arbitrary JavaScript. Additionally Serendipity dynamically created a HTML form on the media manager administration page that contained all variables found in the URL as hidden fields. While the variable values were correctly escaped it was possible to break out by specifying strange variable names.