Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Serendipity < 0.7.0rc1 HTTP Response Splitting

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote host is running Serendipity, a weblog written in PHP. The remote version of this software is vulnerable to a HTTP response splitting vulnerability that may allow an attacker to perform a cross-site scripting attack against the remote host.

Solution

Upgrade to Serendipity 0.7.0rc1 or higher.