Family: CGI abuses : XSS --> Category: infos
Serendipity XSS Flaw Vulnerability Scan
Vulnerability Scan Summary
Checks for Serendipity XSS flaw
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is affected by a
cross-site scripting flaw.
The remote version of Serendipity is vulnerable to cross-site
scripting attacks due to a lack of sanity checks on the 'searchTerm'
parameter in the 'compat.php' script. With a specially crafted URL,
a possible hacker can cause arbitrary code execution in a user's browser
resulting in a loss of integrity.
See also :
Upgrade to Serendipity 0.7.1 or newer.
Low / CVSS Base Score : 2.3
Click HERE for more information and discussions on this network vulnerability scan.