icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Serendipity < 0.7.0rc1 HTTP Response Splitting

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote host is running Serendipity, a weblog written in PHP. The remote version of this software is vulnerable to a HTTP response splitting vulnerability that may allow an attacker to perform a cross-site scripting attack against the remote host.

Solution

Upgrade to Serendipity 0.7.0rc1 or higher.