CVE-2008-0124

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
Cross-site Scripting
Severity: UNKNOWN
AV:N/AC:M/Au:N/C:N/I:P/A:N
Atk. Vector: NETWORK
Atk. Complexity: MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Vendor  Product      Version
s9y     serendipity  0.3
s9y     serendipity  0.4
s9y     serendipity  0.5
s9y     serendipity  0.5_pl1
s9y     serendipity  0.6
s9y     serendipity  0.6_pl1
s9y     serendipity  0.6_pl2
s9y     serendipity  0.6_pl3
s9y     serendipity  0.6_rc1
s9y     serendipity  0.6_rc2
s9y     serendipity  0.7
s9y     serendipity  0.7.1
s9y     serendipity  0.7_beta1
s9y     serendipity  0.7_beta2
s9y     serendipity  0.7_beta3
s9y     serendipity  0.7_beta4
s9y     serendipity  0.7_rc1
s9y     serendipity  0.8
s9y     serendipity  0.8.1
s9y     serendipity  0.8.2
s9y     serendipity  0.8_beta_6_snapshot
s9y     serendipity  0.8_beta5
s9y     serendipity  0.8_beta6
s9y     serendipity  0.9.1
s9y     serendipity  1.0.3
s9y     serendipity  1.0.4
s9y     serendipity  1.0_beta2
s9y     serendipity  1.0_beta3
s9y     serendipity  1.1.1
s9y     serendipity  1.1.3
s9y     serendipity  1.1.4
s9y     serendipity  1.2
s9y     serendipity  1.2.1
s9y     serendipity  1.2__beta5
𝑥 = Vulnerable software versions
Ubuntu Releases
Ubuntu Product: serendipity
Codename
oneiric   not-affected
natty     not-affected
maverick  not-affected
lucid     not-affected
karmic    not-affected
jaunty    not-affected
intrepid  not-affected
hardy     ignored
gutsy     ignored
feisty    ignored
edgy      dne
dapper    dne