Cross site scripting

2008-02-2820:44:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.2%

JSON

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the “Real name” field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.

CPENameOperatorVersion
serendipityeq0.5
serendipityeq0.8.0-beta5
serendipityeq1.0.3
serendipityeq1.1.4
serendipityeq0.4
serendipityeq0.7
serendipityeq1.0.4
serendipityeq0.7.0-beta1
serendipityeq1.0.0-beta3
serendipityeq0.8.2

Name	Operator	Version
serendipity	eq	0.5
serendipity	eq	0.8.0-beta5
serendipity	eq	1.0.3
serendipity	eq	1.1.4
serendipity	eq	0.4
serendipity	eq	0.7
serendipity	eq	1.0.4
serendipity	eq	0.7.0-beta1
serendipity	eq	1.0.0-beta3
serendipity	eq	0.8.2