FreeBSD : Serendipity -- XSS Vulnerabilities (96ed277b-60e0-11db-ad2d-0016179b2dd5)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Serendipity Team reports :

Serendipity failed to correctly sanitize user input on the media
manager administration page. The content of GET variables was written
into JavaScript strings. By using standard string evasion techniques
it was possible to execute arbitrary JavaScript.

Additionally, Serendipity dynamically created an HTML form on the media
manager administration page that contained all variables found in the
URL as hidden fields. While the variable values were correctly escaped,
it was possible to break out by specifying strange variable names.
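The two output patterns the advisory describes, each beside a hardened form, as an added PHP example (not Serendipity's own code; the function names, the `dir` parameter and the sample input are assumptions chosen for illustration):

```php
<?php
// Pattern 1: a GET value interpolated straight into a JavaScript string literal.
function jsInitVulnerable(array $get): string {
    // The raw value lands between the quotes; any quote inside it ends the literal.
    return "<script>var dir = '" . ($get['dir'] ?? '') . "';</script>";
}

function jsInitHardened(array $get): string {
    // json_encode emits a complete, quoted JS literal with quotes, backslashes and
    // line terminators escaped; the HEX flags also encode <, >, &, ' and " so the
    // value can neither leave the literal nor close the surrounding <script> tag.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $value = json_encode((string)($get['dir'] ?? ''), $flags);
    return "<script>var dir = " . $value . ";</script>";
}

// Pattern 2: a hidden form that mirrors every URL parameter back to the page.
function hiddenFormVulnerable(array $get): string {
    $out = '';
    foreach ($get as $name => $value) {
        // The value is escaped, but the caller-controlled parameter name is not.
        $out .= '<input type="hidden" name="' . $name . '" value="'
              . htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8') . '">';
    }
    return $out;
}

function hiddenFormHardened(array $get, array $allowedNames): string {
    $out = '';
    foreach ($get as $name => $value) {
        $name = (string)$name;
        // Only known parameter names pass through, and name and value are both escaped.
        if (!in_array($name, $allowedNames, true) || !is_string($value)) {
            continue;
        }
        $out .= '<input type="hidden" name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
              . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
    }
    return $out;
}

// Constructed sample input containing the characters that matter in both contexts.
$sample = ['dir' => "O'Reilly & <co>", 'odd"name' => '1'];
echo jsInitHardened($sample), "\n";                            // quotes, & and <> arrive as \uXXXX escapes
echo hiddenFormHardened($sample, ['dir', 'serendipity']), "\n"; // the unknown name odd"name is dropped
```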

See also :

http://www.hardened-php.net/advisory_112006.136.html
http://www.nessus.org/u?e3e03e92

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22910 (freebsd_pkg_96ed277b60e011dbad2d0016179b2dd5.nasl)
