NuytsTech Security

CVE-2004-2157

by ·

Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.

Date published : 2005-07-10

http://www.securityfocus.com/bid/11269

http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html

Tags: