Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0124

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0124
Last Modified 07 Mar 2011 10:03:59
Published 28 Feb 2008 03:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0124

Summary

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.

Vulnerable Systems

Application

  • S9y Serendipity 0.3

  • S9y Serendipity 0.4

  • S9y Serendipity 0.5

  • S9y Serendipity 0.5 Pl1

  • S9y Serendipity 0.6

  • S9y Serendipity 0.6 Pl1

  • S9y Serendipity 0.6 Pl2

  • S9y Serendipity 0.6 Pl3

  • S9y Serendipity 0.6 Rc1

  • S9y Serendipity 0.6 Rc2

  • S9y Serendipity 0.7

  • S9y Serendipity 0.7 Beta1

  • S9y Serendipity 0.7 Beta2

  • S9y Serendipity 0.7 Beta3

  • S9y Serendipity 0.7 Beta4

  • S9y Serendipity 0.7 Rc1

  • S9y Serendipity 0.7.1

  • S9y Serendipity 0.8

  • S9y Serendipity 0.8 Beta 6 Snapshot

  • S9y Serendipity 0.8 Beta5

  • S9y Serendipity 0.8 Beta6

  • S9y Serendipity 0.8.1

  • S9y Serendipity 0.8.2

  • S9y Serendipity 0.9.1

  • S9y Serendipity 1.0 Beta2

  • S9y Serendipity 1.0 Beta3

  • S9y Serendipity 1.0.3

  • S9y Serendipity 1.0.4

  • S9y Serendipity 1.1.1

  • S9y Serendipity 1.1.3

  • S9y Serendipity 1.1.4

  • S9y Serendipity 1.2

  • S9y Serendipity 1.2 Beta5

  • S9y Serendipity 1.2.1


References

CONFIRM - http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html

XF - serendipity-realname-username-xss(40851)

VUPEN - ADV-2008-0700

SECTRACK - 1019502

BID - 28003

DEBIAN - DSA-1528

SECUNIA - 29502

SECUNIA - 29128

MISC - http://int21.de/cve/CVE-2008-0124-s9y.html


Last Updated: 27 May 2016 10:46:40