3 matches found
Debian DSA-1528-1 : serendipity - insufficient input sanitising
Peter Huwe and Hanno Bock discovered that Serendipity, a weblog manager, did not properly sanitise input to several scripts which allowed cross site scripting. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
CVE-2008-1476
Cross-site scripting XSS vulnerability in Serendipity S9Y before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks...
CVE-2008-1476
Serendipity (S9Y) up to version 1.2.x is vulnerable to cross-site scripting via received trackbacks. Root cause: insufficient input sanitisation in several scripts. Impact: remote attackers can inject arbitrary script/HTML. Mitigation: upgrade to Serendipity 1.3 or later (per Debian DSAs and rela...