Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) prior to 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
s9y serendipity 0.3 |
||
s9y serendipity 0.6_pl3 |
||
s9y serendipity 0.6_rc1 |
||
s9y serendipity 0.7_beta4 |
||
s9y serendipity 0.7_rc1 |
||
s9y serendipity 1.0.3 |
||
s9y serendipity 1.0.4 |
||
s9y serendipity 1.2.1 |
||
s9y serendipity 1.2__beta5 |
||
s9y serendipity 0.5_pl1 |
||
s9y serendipity 0.6 |
||
s9y serendipity 0.7.1 |
||
s9y serendipity 0.7_beta1 |
||
s9y serendipity 0.8.2 |
||
s9y serendipity 0.8_beta_6_snapshot |
||
s9y serendipity 1.1.1 |
||
s9y serendipity 1.1.3 |
||
s9y serendipity 0.6_pl1 |
||
s9y serendipity 0.6_pl2 |
||
s9y serendipity 0.7_beta2 |
||
s9y serendipity 0.7_beta3 |
||
s9y serendipity 0.8_beta5 |
||
s9y serendipity 0.8_beta6 |
||
s9y serendipity 0.9.1 |
||
s9y serendipity 1.1.4 |
||
s9y serendipity 1.2 |
||
s9y serendipity 0.4 |
||
s9y serendipity 0.5 |
||
s9y serendipity 0.6_rc2 |
||
s9y serendipity 0.7 |
||
s9y serendipity 0.8 |
||
s9y serendipity 0.8.1 |
||
s9y serendipity 1.0_beta2 |
||
s9y serendipity 1.0_beta3 |
Vulmon