fkie_nvd - fkie_cve-2008-1385

fkie_cve-2008-1385

Vulnerability from fkie_nvd

Published

2008-04-23 13:05

Modified

2024-11-21 00:44

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html
cve@mitre.org	http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html	Patch
cve@mitre.org	http://int21.de/cve/CVE-2008-1385-s9y.html
cve@mitre.org	http://secunia.com/advisories/29942	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/491176/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/28885	Exploit, Patch
cve@mitre.org	http://www.securitytracker.com/id?1019915
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1348/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41965
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html
af854a3a-2127-422b-91ae-364da2661108	http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://int21.de/cve/CVE-2008-1385-s9y.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29942	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/491176/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28885	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019915
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1348/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41965

Impacted products

Vendor	Product	Version
s9y	serendipity	*
s9y	serendipity	0.3
s9y	serendipity	0.4
s9y	serendipity	0.5_pl1
s9y	serendipity	0.6_pl3
s9y	serendipity	0.7
s9y	serendipity	0.7.1
s9y	serendipity	0.8
s9y	serendipity	0.8.1
s9y	serendipity	0.8.2
s9y	serendipity	0.8.3
s9y	serendipity	0.8.4
s9y	serendipity	0.8.5
s9y	serendipity	0.9
s9y	serendipity	0.9.1
s9y	serendipity	1.0
s9y	serendipity	1.0.1
s9y	serendipity	1.0.2
s9y	serendipity	1.0.3
s9y	serendipity	1.0.4
s9y	serendipity	1.1
s9y	serendipity	1.1.1
s9y	serendipity	1.1.2
s9y	serendipity	1.1.3
s9y	serendipity	1.1.4
s9y	serendipity	1.2
s9y	serendipity	1.2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C68AE2-6841-4FF8-BECB-6381224C2C3E",
              "versionEndIncluding": "1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FF146-8CEF-48C8-81A3-08B4736DC27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5986FA95-D0F8-4E41-A445-F2F0EFEE872A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A4B77F-67DC-4D25-8948-0C0B59C38E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24AD8E2-AEB7-4D73-9B15-AE0B293A0825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5193D1-4BB6-4B2C-8361-BA1C7BE7524B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B62B695-74A2-49AA-87EF-38F129A94755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4ACB96-F32D-40E2-A9F3-A3CD78658C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B027CFC-5E0E-45D3-82BC-8F59F386D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C6CB12-9D14-4D5C-8FC0-02179436B487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D55BCF-58D1-48D8-9BA2-2884F6126F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "707176E4-B735-4A6A-AC7D-01250663D25D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0132EF3F-F9D8-4CEC-A774-4929B4DE6E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2217392-37F3-4CC6-85DE-33CB8841814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "706E7CF6-C396-4A19-B87C-05BA8C8D9EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C422BF-FBDE-4DD2-BB55-868B19890479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E92848-05FA-45EE-BD8A-98E337131892",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en el plugin Top Referers (tambi\u00e9n conocido como referrer) de Serendipity (S9Y) anterior a 1.3.1 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de una cabecera HTTP Referer."
    }
  ],
  "id": "CVE-2008-1385",
  "lastModified": "2024-11-21T00:44:25.370",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-23T13:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://int21.de/cve/CVE-2008-1385-s9y.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29942"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28885"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019915"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1348/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://int21.de/cve/CVE-2008-1385-s9y.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1348/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41965"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2008-1385

Vulnerability from cvelistv5

Published

2008-04-23 10:00

Modified

2024-08-07 08:17