3 matches found
Debian DSA-1528-1 : serendipity - insufficient input sanitising
Peter Huwe and Hanno Bock discovered that Serendipity, a weblog manager, did not properly sanitise input to several scripts, which allowed cross site scripting. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
[SECURITY] [DSA 1528-1] New serendipity packages fix cross site scripting
Debian Security Advisory DSA-1528-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 24, 2008 http://www.debian.org/security/faq -...
CVE-2008-0124
CVE-2008-0124 affects Serendipity (S9Y) prior to 1.3-beta1, with cross-site scripting (XSS) via the Real name field in Personal Settings or via file uploads (e.g., .htm/.html/.js). The root cause is insufficient input sanitising in Serendipity, enabling remote authenticated users to inject script...