Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2525

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2525
Last Modified 07 Mar 2011 09:18:58
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2525

Summary

Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.

Vulnerable Systems

Application

  • S9y Serendipity 0.3

  • S9y Serendipity 0.4

  • S9y Serendipity 0.5

  • S9y Serendipity 0.5 Pl1

  • S9y Serendipity 0.6

  • S9y Serendipity 0.6 Pl1

  • S9y Serendipity 0.6 Pl2

  • S9y Serendipity 0.6 Pl3

  • S9y Serendipity 0.6 Rc1

  • S9y Serendipity 0.6 Rc2

  • S9y Serendipity 0.7

  • S9y Serendipity 0.7 Beta1

  • S9y Serendipity 0.7 Beta2

  • S9y Serendipity 0.7 Beta3

  • S9y Serendipity 0.7 Beta4

  • S9y Serendipity 0.7 Rc1


References

XF - serendipity-combatphp-xss(18322)

BID - 11790

OSVDB - 12177

SECTRACK - 1012383

SECUNIA - 13357

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=1076762&group_id=75065&atid=542822


Last Updated: 27 May 2016 10:39:30