4 matches found
Debian DSA-1528-1 : serendipity - insufficient input sanitising
Peter Huwe and Hanno Bock discovered that Serendipity, a weblog manager, did not properly sanitise input to several scripts which allowed cross site scripting. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
[SECURITY] [DSA 1528-1] New serendipity packages fix cross site scripting
------------------------------------------------------------------------ Debian Security Advisory DSA-1528-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 24, 2008 http://www.debian.org/security/faq -...
CVE-2007-6205
CVE-2007-6205 is a cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) of S9Y Serendipity prior to 1.2.1. An attacker can inject arbitrary script/HTML via a link in an RSS feed. Public advisories (Debian DSA-1528-1, related OpenVAS/NVL) documen...
serendipity-xss.txt
Source: http://www.int21.de/cve/CVE-2007-6205-s9y.html Cross site scripting XSS in rss feed plugin of Serendipity 1.2 References http://www.s9y.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6205 Description The Serendipity blog system contains a plugin to display the content of feed...