Debian Security Advisory 1528-1 - Peter Huwe and Hanno Boeck discovered that Serendipity, a weblog manager, did not properly sanitise input to several scripts, which allowed for cross-site scripting.
8b7a5884ad63c22596a7bb066cab316ce9b42d0c0b7f165a02256cd5357ff4aa
The Serendipity blog system contains a plugin to display the content of feeds in the sidebar (serendipity_plugin_remoterss). If an attacker can modify the RSS feed, it is possible to inject JavaScript code into the link part, because it is not correctly escaped. Versions below 1.2.1 are affected.
532a5907669cbc68a7275efbcc42fe90f3ef0ef37fef8ab43b25ea77019e9b13