CVE-2004-2525

Published: Dec 31, 2004Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.

Affected (16)

Products: S9y: Serendipity

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
S9y Serendipity	Version 0.3
S9y Serendipity	Version 0.4
S9y Serendipity	Version 0.5
S9y Serendipity	Version 0.5_pl1
S9y Serendipity	Version 0.6
S9y Serendipity	Version 0.6_pl1
S9y Serendipity	Version 0.6_pl2
S9y Serendipity	Version 0.6_pl3
S9y Serendipity	Version 0.6_rc1
S9y Serendipity	Version 0.6_rc2
S9y Serendipity	Version 0.7
S9y Serendipity	Version 0.7_beta1
S9y Serendipity	Version 0.7_beta2
S9y Serendipity	Version 0.7_beta3
S9y Serendipity	Version 0.7_beta4
S9y Serendipity	Version 0.7_rc1

References (12)

http://secunia.com/advisories/13357

Source: cve@mitre.org

PatchVendor Advisory

http://securitytracker.com/id?1012383

Source: cve@mitre.org

Patch

http://sourceforge.net/tracker/index.php?func=detail&aid=1076762&group_id=75065&atid=542822

Source: cve@mitre.org

http://www.osvdb.org/12177

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/11790

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/18322

Source: cve@mitre.org

http://secunia.com/advisories/13357

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securitytracker.com/id?1012383

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://sourceforge.net/tracker/index.php?func=detail&aid=1076762&group_id=75065&atid=542822

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/12177

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/11790

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/18322

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.