CVE-2008-0124
28.02.2008, 20:44
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
Cross-site Scripting
Vendor | Product | Version |
---|---|---|
s9y | serendipity | 0.3 |
s9y | serendipity | 0.4 |
s9y | serendipity | 0.5 |
s9y | serendipity | 0.5_pl1 |
s9y | serendipity | 0.6 |
s9y | serendipity | 0.6_pl1 |
s9y | serendipity | 0.6_pl2 |
s9y | serendipity | 0.6_pl3 |
s9y | serendipity | 0.6_rc1 |
s9y | serendipity | 0.6_rc2 |
s9y | serendipity | 0.7 |
s9y | serendipity | 0.7.1 |
s9y | serendipity | 0.7_beta1 |
s9y | serendipity | 0.7_beta2 |
s9y | serendipity | 0.7_beta3 |
s9y | serendipity | 0.7_beta4 |
s9y | serendipity | 0.7_rc1 |
s9y | serendipity | 0.8 |
s9y | serendipity | 0.8.1 |
s9y | serendipity | 0.8.2 |
s9y | serendipity | 0.8_beta_6_snapshot |
s9y | serendipity | 0.8_beta5 |
s9y | serendipity | 0.8_beta6 |
s9y | serendipity | 0.9.1 |
s9y | serendipity | 1.0.3 |
s9y | serendipity | 1.0.4 |
s9y | serendipity | 1.0_beta2 |
s9y | serendipity | 1.0_beta3 |
s9y | serendipity | 1.1.1 |
s9y | serendipity | 1.1.3 |
s9y | serendipity | 1.1.4 |
s9y | serendipity | 1.2 |
s9y | serendipity | 1.2.1 |
s9y | serendipity | 1.2__beta5 |
𝑥
= Vulnerable software versions

Ubuntu Releases
References