4 matches found
CVE-2004-2525
CVE-2004-2525 affects Serendipity prior to 0.7.1: a cross-site scripting vulnerability in compat.php allows an attacker to inject script via the searchTerm parameter. Reported in multiple feeds (NVD/OpenVAS), with impact described as browser-level integrity risk (I:P) and no confidentiality impac...
CVE-2004-2525
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable...
CVE-2004-2525
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable...
Serendipity compat.php searchTerm Parameter XSS
The remote version of Serendipity is vulnerable to cross-site scripting attacks due to a lack of sanity checks on the 'searchTerm' parameter in the 'compat.php' script. With a specially crafted URL, an attacker can cause arbitrary code execution in a user's browser resulting in a loss of integrit...