Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1386

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1386
Last Modified 07 Mar 2011 10:07:01
Published 23 Apr 2008 09:05:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1386

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue might be limited.

Vulnerable Systems

Application

  • S9y Serendipity 1.3


References

BID - 28885

XF - serendipity-installer-xss(41967)

VUPEN - ADV-2008-1348

SECTRACK - 1019915

BUGTRAQ - 20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))

MISC - http://int21.de/cve/CVE-2008-1386-s9y.html

CONFIRM - http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html


Last Updated: 27 May 2016 10:47:08