Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) prior to 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
s9y serendipity 0.5 |
||
s9y serendipity 0.8 beta5 |
||
s9y serendipity 1.0.3 |
||
s9y serendipity 1.1.4 |
||
s9y serendipity 0.4 |
||
s9y serendipity 0.7 |
||
s9y serendipity 1.0.4 |
||
s9y serendipity 0.7 beta1 |
||
s9y serendipity 1.0 beta3 |
||
s9y serendipity 0.8.2 |
||
s9y serendipity 0.6 rc1 |
||
s9y serendipity 1.1.1 |
||
s9y serendipity 0.8 beta 6 snapshot |
||
s9y serendipity 0.7.1 |
||
s9y serendipity 0.5 pl1 |
||
s9y serendipity 0.6 pl2 |
||
s9y serendipity 1.0 beta2 |
||
s9y serendipity 0.7 beta3 |
||
s9y serendipity 0.8 beta6 |
||
s9y serendipity 0.7 beta4 |
||
s9y serendipity 0.6 pl1 |
||
s9y serendipity 0.8.1 |
||
s9y serendipity 0.8 |
||
s9y serendipity 1.2.1 |
||
s9y serendipity 0.3 |
||
s9y serendipity 0.6 pl3 |
||
s9y serendipity 0.9.1 |
||
s9y serendipity 0.6 rc2 |
||
s9y serendipity 1.2 beta5 |
||
s9y serendipity 1.1.3 |
||
s9y serendipity 1.2 |
||
s9y serendipity 0.7 beta2 |
||
s9y serendipity 0.7 rc1 |
||
s9y serendipity 0.6 |
Vulmon