|
Family: CGI abuses : XSS --> Category: infos
Serendipity XSS Flaw Vulnerability Scan
Vulnerability Scan Summary Checks for Serendipity XSS flaw
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by a
cross-site scripting flaw.
Description :
The remote version of Serendipity is vulnerable to cross-site
scripting attacks due to a lack of sanity checks on the 'searchTerm'
parameter in the 'compat.php' script. With a specially crafted URL,
a possible hacker can cause arbitrary code execution in a user's browser
resulting in a loss of integrity.
See also :
http://www.nessus.org/u?e47198ec
http://www.s9y.org/5.html
Solution :
Upgrade to Serendipity 0.7.1 or newer.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|