Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CMS Serendipity 2.0-rc1 Cross Site Scripting

🗓️ 23 Dec 2014 00:00:00Reported by Steffen RoesemannType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 30 Views

Stored XSS in CMS Serendipity v.2.0-rc1 comment functionalit

Code
`Advisory: Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1  
  
Advisory ID: SROEADV-2014-02  
  
Author: Steffen Rösemann  
  
Affected Software: CMS Serendipity v.2.0-rc1 (Release: 20th Dec 2014)  
  
Vendor URL: http://www.s9y.org/  
  
Vendor Status: fixed  
  
CVE-ID: -  
  
  
==========================  
  
Vulnerability Description:  
  
==========================  
  
  
The Content Management System Serendipity v.2.0-rc1 has a stored  
XSS-vulnerability in its comment functionality. Arbitrary HTML- and/or  
JavaScriptcode is stored in the database. On the frontend side, it gets  
sanitized, while on the administrative backend, where new comments are  
displayed to the administrator after login, it gets immidiately executed.  
  
  
==================  
  
Technical Details:  
  
==================  
  
  
If an attacker is posting arbitrary HTML- and/or JavaScriptcode in a  
comment, which for example is located in the following URL, it will be  
stored in the database without being sanitized.  
  
  
http://  
{HOSTNAME/DOMAIN}/serendipity/index.php?/archives/{TITLE-OF-THE-BLOG-ENTRY}.html#comments  
  
  
When the comments are displayed on the frontend, they will be sanitized,  
while on the administrative backend it gets displayed unsanitized and is  
being executed, because the latest comments are shown, after an  
administrative user has been logged in to the following URL:  
  
  
http://{HOSTNAME/DOMAIN}/serendipity/serendipity_admin.php  
  
  
=========  
  
Solution:  
  
=========  
  
  
Update to the latest version  
  
  
====================  
  
Disclosure Timeline:  
  
====================  
  
22-Dec-2014 – found the vulnerability  
  
23-Dec-2014 - informed the developers  
  
23-Dec-2014 - release date of this security advisory  
  
23-Dec-2014 - response and fix by vendor  
  
23-Dec-2014 - post on FullDisclosure  
  
  
========  
  
Credits:  
  
========  
  
  
Vulnerability found and advisory written by Steffen Rösemann.  
  
  
===========  
  
References:  
  
===========  
  
  
http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html  
  
http://sroesemann.blogspot.de  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Dec 2014 00:00Current
serendipity cmsstored xsscross site scriptingsecurity advisorysteffen rösemannvulnerability disclosurevendor fixlatest version updatefull disclosure
30