This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote web server contains a PHP application that is vulnerable to
cross-site scripting attacks.
According to its banner, the version of Serendipity installed on the
remote host does not properly filter user-supplied input for selected
fields if the BBCode plugin is enabled - it is not by default. By
exploiting this flaw, an attacker can cause arbitrary HTML and script
code to be executed by a user's browser in the context of the affected
website whenever users view malicious entries or comments that the
See also :
Disable the BBCode plugin or upgrade to Serendipity 0.8 or later.
Risk factor :
Low / CVSS Base Score : 2.6
CVSS Temporal Score : 2.3
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 18155 ()
Bugtraq ID: 13411
CVE ID: CVE-2005-1448
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.