{"id": "SECURITYVULNS:DOC:27275", "bulletinFamily": "software", "title": "Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability", "description": "Advisory: \tSerendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability\r\nAdvisory ID: SSCHADV2011-015\r\nAuthor: \tStefan Schurtz\r\nAffected Software: Successfully tested on Serendipity 1.5.5\r\nVendor URL: http://www.s9y.org\r\nVendor Status: fixed\r\nCVE-ID: -\r\n\r\n==========================\r\nVulnerability Description:\r\n==========================\r\n\r\nThe parameter "serendipity[filter][bp.ALT]" in Serendipity backend is prone to a Cross-Site Scripting vulnerability\r\n\r\n==================\r\nTechnical Details:\r\n==================\r\n\r\nhttp://<target>/serendipity/serendipity_admin_image_selector.php?serendipity[filter][bp.ALT]=</script><script>alert(document.cookie)</script>&go=+-+Go!+-+\r\n\r\n=========\r\nSolution:\r\n=========\r\n\r\nUpgrade to Serendipity 1.6\r\n\r\n====================\r\nDisclosure Timeline:\r\n====================\r\n\r\n22-Sep-2011 - informed developers\r\n27-Oct-2011 - fixed by vendor\r\n02-Nov-2011 - release date of this security advisory\r\n\r\n========\r\nCredits:\r\n========\r\n\r\nVulnerability found and advisory written by Stefan Schurtz.\r\n\r\n===========\r\nReferences:\r\n===========\r\n\r\nhttp://www.s9y.org\r\nhttp://blog.s9y.org/archives/233-Serendipity-1.6-released.html\r\nhttp://www.rul3z.de/advisories/SSCHADV2011-015.txt\r\n", "published": "2011-11-06T00:00:00", "modified": "2011-11-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27275", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:42", "edition": 1, "viewCount": 9, "enchantments": {"score": {"value": 2.4, "vector": "NONE", "modified": "2018-08-31T11:10:42", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": 
["OPENVAS:1361412562311220201494", "OPENVAS:1361412562311220201476", "OPENVAS:1361412562311220201489", "OPENVAS:1361412562311220201454", "OPENVAS:1361412562311220201446", "OPENVAS:1361412562311220201430", "OPENVAS:1361412562311220201457", "OPENVAS:1361412562311220201400", "OPENVAS:1361412562311220201491", "OPENVAS:1361412562311220201431"]}, {"type": "nessus", "idList": ["EULEROS_SA-2020-1432.NASL", "EULEROS_SA-2020-1431.NASL", "EULEROS_SA-2020-1400.NASL"]}, {"type": "mskb", "idList": ["KB3054929", "KB3115294", "KB2160841", "KB3178702", "KB3127904", "KB2881078"]}], "modified": "2018-08-31T11:10:42", "rev": 2}, "vulnersScore": 2.4}, "affectedSoftware": []}
{"zdi": [{"lastseen": "2021-01-14T21:35:17", "bulletinFamily": "info", "cvelist": ["CVE-2020-27275"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2021-01-14T00:00:00", "published": "2021-01-14T00:00:00", "id": "ZDI-21-032", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-032/", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-14T21:35:17", "bulletinFamily": "info", "cvelist": ["CVE-2020-27275"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. 
An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2021-01-14T00:00:00", "published": "2021-01-14T00:00:00", "id": "ZDI-21-035", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-035/", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-14T21:35:17", "bulletinFamily": "info", "cvelist": ["CVE-2020-27275"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2021-01-14T00:00:00", "published": "2021-01-14T00:00:00", "id": "ZDI-21-029", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-029/", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-14T21:35:17", "bulletinFamily": "info", "cvelist": ["CVE-2020-27275"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. 
The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of a data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2021-01-14T00:00:00", "published": "2021-01-14T00:00:00", "id": "ZDI-21-038", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-038/", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-14T21:35:17", "bulletinFamily": "info", "cvelist": ["CVE-2020-27275"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2021-01-14T00:00:00", "published": "2021-01-14T00:00:00", "id": "ZDI-21-034", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-034/", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-14T21:35:17", "bulletinFamily": "info", "cvelist": ["CVE-2020-27275"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 
The specific flaw exists within the parsing of DPA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2021-01-14T00:00:00", "published": "2021-01-14T00:00:00", "id": "ZDI-21-028", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-028/", "title": "Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-14T21:35:17", "bulletinFamily": "info", "cvelist": ["CVE-2020-27275"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2021-01-14T00:00:00", "published": "2021-01-14T00:00:00", "id": "ZDI-21-037", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-037/", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-14T21:35:17", "bulletinFamily": "info", "cvelist": ["CVE-2020-27275"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2021-01-14T00:00:00", "published": "2021-01-14T00:00:00", "id": "ZDI-21-036", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-036/", "title": "Delta Industrial Automation DOPSoft XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2021-02-02T07:37:04", "description": "Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-11T16:15:00", "title": "CVE-2020-27275", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27275"], "modified": "2021-01-14T18:15:00", "cpe": ["cpe:/a:deltaww:dopsoft:4.0.8.21"], "id": "CVE-2020-27275", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27275", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:deltaww:dopsoft:4.0.8.21:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:37:03", "description": "An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript.", "edition": 7, "cvss3": {"exploitabilityScore": 1.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.8, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-09-30T21:15:00", "title": "CVE-2020-25288", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25288"], "modified": "2020-10-13T17:47:00", "cpe": [], "id": "CVE-2020-25288", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25288", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:14:28", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-12T01:15:00", "title": "CVE-2014-2595", "type": "cve", "cwe": ["CWE-613"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2595"], "modified": "2020-02-20T15:55:00", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:12:56", "description": "In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 
27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged in user. This allows for example attackers who compromised a browser extension to escape from the browser sandbox.", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-13T17:15:00", "title": "CVE-2019-18894", "type": "cve", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18894"], "modified": "2020-01-21T20:30:00", "cpe": ["cpe:/a:avast:premium_security:19.8.2393"], "id": "CVE-2019-18894", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18894", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:avast:premium_security:19.8.2393:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:35:21", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": 
"UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-18T22:15:00", "title": "CVE-2008-7273", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7273"], "modified": "2019-11-20T15:56:00", "cpe": [], "id": "CVE-2008-7273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-02T05:35:21", "description": "FireGPG before 0.6 handles the user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk, which may result in the compromise of secure communication or a user\u2019s private key.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-08T00:15:00", "title": "CVE-2008-7272", "type": "cve", "cwe": ["CWE-312"], "bulletinFamily": "NVD", 
"cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7272"], "modified": "2020-02-10T21:16:00", "cpe": [], "id": "CVE-2008-7272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T07:12:45", "description": "An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task.", "edition": 11, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-07-31T22:15:00", "title": "CVE-2019-10198", "type": "cve", "cwe": ["CWE-306"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", 
"baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10198"], "modified": "2020-09-30T18:16:00", "cpe": ["cpe:/a:redhat:satellite:6.6"], "id": "CVE-2019-10198", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10198", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:redhat:satellite:6.6:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:32", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-04-30T14:29:00", "title": "CVE-2015-9286", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9286"], "modified": "2019-05-01T14:22:00", "cpe": [], "id": "CVE-2015-9286", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "ics": 
[{"lastseen": "2021-02-27T19:48:29", "bulletinFamily": "info", "cvelist": ["CVE-2020-27275", "CVE-2020-27277"], "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.8**\n * **ATTENTION: **Low skill level to exploit\n * **Vendor: **Delta Electronics\n * **Equipment:** DOPSoft\n * **Vulnerabilities:** Out-of-bounds Write, Untrusted Pointer Dereference\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could allow arbitrary code execution.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of DOPSoft, a software that supports the DOP-100 series HMI screens, are affected:\n\n * DOPSoft Version 4.0.8.21 and prior\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)\n\nThe affected product is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.\n\n[CVE-2020-27275](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27275>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.2 [UNTRUSTED POINTER DEREFERENCE CWE-822](<https://cwe.mitre.org/data/definitions/822.html>)\n\nThe affected product has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.\n\n[CVE-2020-27277](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27277>) has been assigned to this vulnerability. 
A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Critical Manufacturing\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **Taiwan\n\n### 3.4 RESEARCHER\n\nKimiya, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nDelta Electronics has released an updated version DOPSoft, and recommends users [install this update](<https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&CID=06&itemID=060302&dataType=8&q=DOPSoft>) on all affected systems. Delta Electronics recommends the following mitigations:\n\n * Update to the latest version of DOPSoft v4.00.10.17 or higher.\n * Use DOPSoft v4.00.10.17 to open old project files (*.dpa) then save as new files. Following that, use the new saved project files and discard the old ones.\n * Restrict interaction of the application with trusted files.\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. 
\n \nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. 
You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-21-005-05>); we'd welcome your feedback.\n", "modified": "2021-01-05T00:00:00", "published": "2021-01-05T00:00:00", "id": "ICSA-21-005-05", "href": "https://www.us-cert.gov/ics/advisories/icsa-21-005-05", "type": "ics", "title": "Delta Electronics DOPSoft", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2018-03-19T15:18:21", "description": "Exploit for php platform in category web applications", "edition": 1, "published": "2017-03-09T00:00:00", "type": "zdt", "title": "Navetti PricePoint 4.6.0.0 XSS / CSRF / SQL Injection Vulnerabilities", "bulletinFamily": "exploit", "cvelist": [], "modified": "2017-03-09T00:00:00", "href": "https://0day.today/exploit/description/27275", "id": "1337DAY-ID-27275", "sourceData": "title: Multiple vulnerabilities\r\n product: Navetti PricePoint\r\n vulnerable version: 4.6.0.0\r\n fixed version: 4.7.0.0 or higher\r\n CVE number: -\r\n impact: high/critical\r\n homepage: http://www.navetti.com/\r\n found: 2016-07-18\r\n by: W. Schober (Office Vienna)\r\n SEC Consult Vulnerability Lab\r\n\r\n An integrated part of SEC Consult\r\n Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow\r\n Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich\r\n\r\n https://www.sec-consult.com\r\n\r\n=======================================================================\r\n\r\nVendor description:\r\n-------------------\r\n\"Navetti PricePoint is the ultimate business tool for controlling, managing and\r\nmeasuring all aspects of your pricing. 
Our clients have been able to increase\r\ntheir revenue and profitability substantially, implement market- and value-based\r\npricing, increase customer trust and implement a common business language\r\nthroughout their organization. In addition, with Navetti PricePoint our clients\r\nare able to implement governance processes, manage risk and ensure organization\r\ncompliance, and attain business sustainability.\"\r\n\r\nSource:\r\nhttp://www.navetti.com/our-expertise/navetti-pricepoint/\r\n\r\n\r\nBusiness recommendation:\r\n------------------------\r\nDuring a quick security check, SEC Consult identified four vulnerabilities,\r\nwhich are partially critical. As the time frame of the test was limited, it is\r\nsuspected that there are more vulnerabilities in the application.\r\n\r\nIt is highly recommended by SEC Consult to apply the patch resolving the\r\nidentified vulnerabilities before using Navetti PricePoint in an environment\r\nwith potential attackers.\r\n\r\n\r\nVulnerability overview/description:\r\n-----------------------------------\r\n1) SQL Injection (Blind boolean based)\r\nNavetti PricePoint is prone to SQL injection attacks. The attacks can be\r\nexecuted by all privilege levels, ranging from the lowest privileged users to\r\nthe highest privileged users.\r\n\r\nBy exploiting this vulnerability, an attacker gains access to all records\r\nstored in the database with the privileges of the database user.\r\n\r\n2) Multiple persistent cross site scripting vulnerabilities\r\nThe web application suffers from multiple persistent cross site scripting issues.\r\nLow privileged users as well as high privileged users, are able to inject\r\nmalicious JavaScript payloads persistently in the application. This\r\nvulnerability is even more critical, because it can be used by a low privileged\r\nuser who wants to elevate his privileges. 
The low privileged attacker can\r\nplace a payload which creates a new superuser, or add his own account to the\r\nsuperuser group. If a superuser logs in to the application, the JavaScript\r\npayload is executed with the rights of the superuser and the new user is\r\ncreated or added to the superuser group.\r\n\r\n3) Multiple reflected cross site scripting vulnerabilities\r\nNavetti PricePoint suffers from multiple reflected cross site scripting issues.\r\nThe code which is used to generate error messages inside of the application,\r\ndoes not correctly escape/sanitize user input. Due to that all error messages\r\ncontaining user input are prone to reflected cross site scripting attacks.\r\nFurthermore the file upload dialog does not correctly sanitize the file name of\r\nuploaded files. If a file name contains a JavaScript payload, it is executed in\r\nthe file upload dialog.\r\n\r\n4) Cross Site Request Forgery\r\nNavetti PricePoint doesn't implement any kind of cross site request forgery\r\nprotection. Attackers are able to execute arbitrary requests with the privileges\r\nof any user. The only requirement is, that the victim clicks on a malicious\r\nlink. 
For example an administrator can be forced to execute unwanted actions.\r\nSome of these actions are:\r\n\r\n -) Add users\r\n -) Delete users\r\n -) Add users to an arbitrary role\r\n -) Change internal settings of the application\r\n\r\n\r\nProof of concept:\r\n-----------------\r\n1) SQL Injection (Blind boolean based)\r\nThe search function in the tree structure, which displays various groups, does\r\nnot properly validate user input, allowing an attacker with any privilege level\r\nto inject arbitrary SQL commands and read the contents of the whole database.\r\n\r\nThe following URL could be used to perform blind SQL injection attacks:\r\n-) URL: /NBN.Host/PMWorkspace/PMWorkspace/FamilieTreeSearch\r\n (Parameter: searchString, Type: GET)\r\n\r\n2) Multiple persistent cross site scripting vulnerabilities\r\nThe following URL parameters have been identified to be vulnerable against\r\npersistent cross site scripting:\r\n\r\n-) URL: /NBN.Host/Component/Competitors/AddEdit (Parameter: name,POST)\r\n-) URL: /NBN.Host/Component/ItemSearchGrid/EditData (Parameter: Quality105,POST)\r\n-) URL: /NBN.Host/component/GroupInfo/SaveGroup (Parameter: name,POST)\r\n\r\nThe proof of concept shows just selected examples of cross-site scripting\r\nvulnerabilities. Based on the conducted tests, SEC Consult identified that\r\nproper input validation is lacking.\r\nDue to the limited time frame of the test, it was not possible to verify every\r\nsingle parameter of the application. Therefore, it can be assumed, that there\r\nare similar flaws in other parts of the web application.\r\n\r\n3) Multiple reflected cross site scripting vulnerabilities\r\nThe application is also prone to reflected cross site scripting attacks. 
The\r\nvulnerabilities were observed in at least two main parts of the application.\r\nThose two parts are error messages and the file upload functionality.\r\n\r\n-) Error Messages\r\n Every user input which is reflected in error messages, is not correctly\r\n escaped and injection of malicious JavaScript code is possible.\r\n\r\n-) File uploads\r\n The file upload functionality is not correctly escaping the filename of\r\n uploaded files. If a victim is forced to upload a special crafted file, an\r\n arbitrary JavaScript payload can be triggered and executed in the victim's\r\n context. An example for a working, but very obvious payload in the filename\r\n would be the following example:\r\n\r\n -) <img src=x onerror=alert(document.cookies)>.xlsx\r\n\r\n4) Cross Site Request Forgery\r\nThe application is prone to cross site request forgery attacks because no\r\nmeasures such as CSRF tokens or nounces, are in place. The following proof of\r\nconcept deletes the user account\r\nwith ID 18:\r\n\r\n<html>\r\n<body>\r\n <script>\r\n function submitRequest()\r\n {\r\n var xhr = new XMLHttpRequest();\r\n xhr.open(\"POST\", \"https://($IP|$Domain)/NBN.Host/PermissionsManagement/\r\n PermissionsManagement/DeleteUsers\", true);\r\n xhr.setRequestHeader(\"Accept\", \"*/*\");\r\n xhr.setRequestHeader(\"Accept-Language\", \"en-US,en;q=0.5\");\r\n xhr.setRequestHeader(\"Content-Type\", \"text/plain\");\r\n xhr.withCredentials = true;\r\n var body = \"{\\\"DeleteAll\\\":false,\\\"UserIDs\\\":[\\\"18\\\"]}\";\r\n var aBody = new Uint8Array(body.length);\r\n for (var i = 0; i < aBody.length; i++)\r\n aBody[i] = body.charCodeAt(i);\r\n xhr.send(new Blob([aBody]));\r\n }\r\n</script>\r\n<form action=\"#\">\r\n <input type=\"button\" value=\"Submit request\" onclick=\"submitRequest();\" />\r\n</form>\r\n</body>\r\n</html>\r\n\r\nIf a victim visits a website, which is hosted by an attacker, the script above\r\nwould be executed and the user with the userID 18 would be deleted. 
Due to the\r\ncomplete absence of measures against cross site request forgery, it can be\r\nassumed that the application is vulnerable for this\r\nkind of attack.\r\n\r\n\r\nVulnerable / tested versions:\r\n-----------------------------\r\nSEC Consult tested Navetti PricePoint 4.6.0.0.\r\nThis version was the latest version at the time of the discovery.\r\n\r\n\r\nVendor contact timeline:\r\n------------------------\r\n2016-07-27: Contacting vendor through [email\u00a0protected]\r\n2016-07-27: Vendor provided a technical contact who is responsible for\r\n vulnerability coordination, furthermore clear-text communication\r\n was requested.\r\n2016-07-27: Providing advisory and proof of concept through insecure channel\r\n as requested.\r\n2016-08-05: Navetti provided a status update concerning a new version of\r\n Navetti Price Point. The release date of the version, where all\r\n the vulnerabilities are fixed, will be provided soon\r\n2016-08-11: Navetti sent an update containing their upcoming release schedule.\r\n The update of Navetti Price Point, which should fix all the\r\n vulnerabilities, will be released on 2016-10-01.\r\n2016-10-01: Patch available\r\n2017-03-08: SEC Consult releases security advisory\r\n\r\n\r\nSolution:\r\n---------\r\nUpdate to the latest version available. 
According to Navetti, all the\r\nvulnerabilities are fixed in release 4.7.0.0.\r\n\r\nAccording to the vendor, they have further improved their software security\r\nsince our initial contact.\r\n\r\n\r\nWorkaround:\r\n-----------\r\nNo workaround available\r\n\n\n# 0day.today [2018-03-19] #", "sourceHref": "https://0day.today/exploit/27275", "cvss": {"score": 0.0, "vector": "NONE"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7747"], "description": "Crash on audiofiles processing.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14754", "title": "audiofile memory corruption", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. 
(CVE-2015-7803, CVE-2015-7804)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32651", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "title": "[USN-2786-1] PHP vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}