FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Serendipity -- XSS Vulnerabilities

Affected packages
serendipity < 1.0.1

Details

VuXML ID 96ed277b-60e0-11db-ad2d-0016179b2dd5
Discovery 2006-10-19
Entry 2006-10-21

The Serendipity Team reports:

Serendipity failed to correctly sanitize user input on the media manager administration page. The content of GET variables was written into JavaScript strings. By using standard string evasion techniques it was possible to execute arbitrary JavaScript.

Additionally, Serendipity dynamically created an HTML form on the media manager administration page that contained all variables found in the URL as hidden fields. While the variable values were correctly escaped, it was possible to break out by specifying strange variable names.
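
The two output contexts named in the report, shown as an added PHP example (Serendipity is a PHP application); this is not Serendipity's code or its actual patch. The function names, the `dir` parameter and the sample input are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not Serendipity source. All function names are hypothetical.

// "Before" shape of the second flaw: values are escaped, names are written raw.
function hidden_fields_unescaped_names(array $params): string
{
    $out = '';
    foreach ($params as $name => $value) {
        $out .= '<input type="hidden" name="' . $name . '" value="'
            . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "\">\n";
    }
    return $out;
}

// Hardened form: the name comes from the URL too, so it gets the same
// attribute-context escaping as the value. Nested (array) parameters are skipped.
function hidden_fields(array $params): string
{
    $out = '';
    foreach ($params as $name => $value) {
        if (!is_scalar($value)) {
            continue;
        }
        $out .= '<input type="hidden" name="'
            . htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8') . '" value="'
            . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "\">\n";
    }
    return $out;
}

// First flaw: a value placed in a JavaScript string needs JavaScript-string
// encoding. json_encode() emits a quoted literal; the JSON_HEX_* flags also
// turn <, >, &, ' and " into \uXXXX so the literal cannot end the <script> block.
function js_string_literal(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $json = json_encode($value, $flags);
    if ($json === false) {
        throw new InvalidArgumentException('value is not valid UTF-8');
    }
    return $json;
}

// Constructed sample input standing in for $_GET on the media manager page.
$params = ['dir' => 'uploads/2006/', 'na"me<x' => "it's", 'nested' => ['a']];

echo hidden_fields_unescaped_names(['na"me<x' => 'v']); // name leaves its attribute
echo hidden_fields($params);                            // name stays inside it
echo '<script>var currentDir = ' . js_string_literal("a'b</script>c") . ";</script>\n";
```

Comparing the first two outputs shows the difference the report describes: with only the value escaped, the quote in the parameter name ends the `name` attribute early.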

References

URL http://secunia.com/advisories/22501/
URL http://www.hardened-php.net/advisory_112006.136.html