Reporter Steffen Roesemann
`Advisory: Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1
Advisory ID: SROEADV-2014-02
Author: Steffen Rösemann
Affected Software: CMS Serendipity v.2.0-rc1 (Release: 20th Dec 2014)
Vendor URL: http://www.s9y.org/
Vendor Status: fixed
The Content Management System Serendipity v.2.0-rc1 has a stored
XSS-vulnerability in its comment functionality. Arbitrary HTML- and/or
sanitized, while on the administrative backend, where new comments are
displayed to the administrator after login, it gets immidiately executed.
comment, which for example is located in the following URL, it will be
stored in the database without being sanitized.
When the comments are displayed on the frontend, they will be sanitized,
while on the administrative backend it gets displayed unsanitized and is
being executed, because the latest comments are shown, after an
administrative user has been logged in to the following URL:
Update to the latest version
22-Dec-2014 – found the vulnerability
23-Dec-2014 - informed the developers
23-Dec-2014 - release date of this security advisory
23-Dec-2014 - response and fix by vendor
23-Dec-2014 - post on FullDisclosure
Vulnerability found and advisory written by Steffen Rösemann.