Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1476

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1476
Last Modified 07 Mar 2011 10:07:09
Published 24 Mar 2008 06:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1476

Summary

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.

Vulnerable Systems

Application

  • Serendipity 0.3

  • Serendipity 0.4

  • Serendipity 0.5 Pl1

  • Serendipity 0.6 Pl3

  • Serendipity 0.7

  • Serendipity 0.7.1

  • Serendipity 0.8

  • Serendipity 0.8.1

  • Serendipity 0.8.2

  • Serendipity 0.8.3

  • Serendipity 0.8.4

  • Serendipity 0.8.5

  • Serendipity 0.9

  • Serendipity 0.9.1

  • Serendipity 1.0

  • Serendipity 1.0.1

  • Serendipity 1.0.2

  • Serendipity 1.0.3

  • Serendipity 1.0.4

  • Serendipity 1.1

  • Serendipity 1.1.1

  • Serendipity 1.1.2

  • Serendipity 1.1.3

  • Serendipity 1.1.4

  • Serendipity 1.2

  • Serendipity 1.2.1


References

XF - serendipity-trackbacks-data-xss(41343)

VUPEN - ADV-2008-0925

BID - 28298

DEBIAN - DSA-1528

SECUNIA - 29502

SECUNIA - 29398

CONFIRM - http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html


Last Updated: 27 May 2016 10:47:08