Serendipity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2008-0124
Reference:
CVE-2008-0124
Title:
Serendipity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the quotReal namequot field in Personal Settings which is presented to readers of articles or (2) a file upload as demonstrated by a .htm .html or .js file.