Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2008/03/26 12:0 a.m.24 views

Debian DSA-1528-1 : serendipity - insufficient input sanitising

Peter Huwe and Hanno Bock discovered that Serendipity, a weblog manager, did not properly sanitise input to several scripts which allowed cross site scripting. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

4.3CVSS4.3AI score0.02464EPSS
Exploits2References5
Debian
Debian
added 2008/03/24 4:38 p.m.30 views

[SECURITY] [DSA 1528-1] New serendipity packages fix cross site scripting

------------------------------------------------------------------------ Debian Security Advisory DSA-1528-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 24, 2008 http://www.debian.org/security/faq -...

4.3CVSS6AI score0.02464EPSS
Exploits2
CVE
CVE
added 2007/12/11 8:0 p.m.57 views

CVE-2007-6205

CVE-2007-6205 is a cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) of S9Y Serendipity prior to 1.2.1. An attacker can inject arbitrary script/HTML via a link in an RSS feed. Public advisories (Debian DSA-1528-1, related OpenVAS/NVL) documen...

4.3CVSS5.4AI score0.02464EPSS
Exploits2References11Affected Software1
Packet Storm
Packet Storm
added 2007/12/11 12:0 a.m.37 views

serendipity-xss.txt

Source: http://www.int21.de/cve/CVE-2007-6205-s9y.html Cross site scripting XSS in rss feed plugin of Serendipity 1.2 References http://www.s9y.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6205 Description The Serendipity blog system contains a plugin to display the content of feed...

4.3CVSS6.5AI score0.02464EPSS
Exploits2
Rows per page
Query Builder