FreeBSD : Serendipity -- XSS Vulnerabilities (96ed277b-60e0-11db-ad2d-0016179b2dd5)
High Nessus Plugin ID 22910
Synopsis
The remote FreeBSD host is missing a security-related update.

Description
The Serendipity Team reports:
Additionally, Serendipity dynamically created an HTML form on the media manager administration page that contained all variables found in the URL as hidden fields. While the variable values were correctly escaped, it was possible to break out by specifying strange variable names.

Solution
Update the affected package.