First published: Fri Dec 31 2004
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Serendipity (S9Y) Freetag Event | =0.7_beta1 | |
CVE-2004-2157 is rated as a medium severity vulnerability due to its potential for cross-site scripting attacks.
To fix CVE-2004-2157, upgrade to Serendipity version 0.7-beta3 or later, which addresses this XSS vulnerability.
CVE-2004-2157 affects Serendipity version 0.7 beta1 and possibly earlier versions before 0.7-beta3.
CVE-2004-2157 allows attackers to inject arbitrary HTML and PHP code, facilitating cross-site scripting attacks.
Yes, there are known exploits that leverage the cross-site scripting vulnerability in CVE-2004-2157 to execute malicious scripts.