CVE-2008-0124 (Serendipity) |
|
| BugsAlert Home > CVE-2008-0124 (Serendipity) | |
|
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file. Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0124 Learn more about CVE-2008-0124 (Serendipity) |
|
| Tags: cve-2008-0124 serendipity | |
Related Items |
|
|
Oracle Application Server Portal Authentication Bypass
|
|
|
Vuln: H2O-CMS PHP Code Injection and Cookie Authentication Bypass Vulnerabilities
|
|
|
Ingate Firewall and SIParator Port Pool Exhaustion Denial of Service
|
|
|
BEA WebLogic Server Multiple Vulnerabilities
|
|
|
CVE-2008-2093 (community_builder, com_comprofiler)
|
|
|
SolarCMS Forum Component "cat" SQL Injection Vulnerability
|
|
|
CVE-2008-3899 (TrueCrypt)
|
|
