Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions prior to 0.7-beta3, allows remote malicious users to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
s9y serendipity 0.7_beta1 |