Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2014-9432
Last Modified: 12 Jan 2015 02:24:01
Published: 31 Dec 2014 05:59:08
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-9432

Summary

Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php.

Vulnerable Systems

Application

  • S9y Serendipity 2.0


References

CONFIRM - https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b

BUGTRAQ - 20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1

MISC - http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html

CONFIRM - http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html

XF - serendipity-index-xss(99464)

MISC - http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html


Last Updated: 27 May 2016 11:07:25