Serendipity Vulnerabilities Report

Posted: Mon Oct 23, 2006 12:30 am
by jumanjisama
There is a report from SecurityFocus that says Serendipity has some serious XSS vulnerabilities. Hell, I don't know what that is, but it still raises some concerns, especially when they mentioned that a hacker could trick the admin into visiting some other website. Anyway, the guys from SecurityFocus rate these vulnerabilities as critical. You may read the full report here: http://www.securityfocus.com/archive/1/449189

Just thought that I should share this, but no matter what, I still love Serendipity :)

Posted: Mon Oct 23, 2006 1:25 am
by stm999999999
Application: Serendipity <= 1.0.1
Vendor Status: Vendor has released an updated version
...
Disclosure Timeline:

05. October 2006 - Contacted Serendipity developers by email
18. October 2006 - Updated Serendipity was released
19. October 2006 - Public Disclosure

Recommendation:

It is strongly recommended to upgrade to the newest version of
Serendipity 1.0.2 which you can download at: