Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2008-1385
Last Modified: 07 Mar 2011 10:07:01
Published: 23 Apr 2008 09:05:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-1385

Summary

Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.

Vulnerable Systems

Application

  • S9y Serendipity 0.3

  • S9y Serendipity 0.4

  • S9y Serendipity 0.5 Pl1

  • S9y Serendipity 0.6 Pl3

  • S9y Serendipity 0.7

  • S9y Serendipity 0.7.1

  • S9y Serendipity 0.8

  • S9y Serendipity 0.8.1

  • S9y Serendipity 0.8.2

  • S9y Serendipity 0.8.3

  • S9y Serendipity 0.8.4

  • S9y Serendipity 0.8.5

  • S9y Serendipity 0.9

  • S9y Serendipity 0.9.1

  • S9y Serendipity 1.0

  • S9y Serendipity 1.0.1

  • S9y Serendipity 1.0.2

  • S9y Serendipity 1.0.3

  • S9y Serendipity 1.0.4

  • S9y Serendipity 1.1

  • S9y Serendipity 1.1.1

  • S9y Serendipity 1.1.2

  • S9y Serendipity 1.1.3

  • S9y Serendipity 1.1.4

  • S9y Serendipity 1.2

  • S9y Serendipity 1.2.1

  • S9y Serendipity 1.3


References

BID - 28885

CONFIRM - http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html

XF - topreferrers-referer-xss(41965)

VUPEN - ADV-2008-1348

SECTRACK - 1019915

BUGTRAQ - 20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))

SECUNIA - 29942

MISC - http://int21.de/cve/CVE-2008-1385-s9y.html


Last Updated: 27 May 2016 10:47:08