In association with heise online

11 December 2007, 15:26

XSS vulnerability in Serendipity blog system remedied


Via external RSS feeds, arbitrary HTML and script code can be injected into Serendipity-based systems and executed in the browsers of their users or readers, in the context of the blog system. The vulnerability may even expose login data. The cause is a lack of content filtering of external feeds in the remote RSS sidebar plug-in.
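As an added illustration (not Serendipity's own code), the following shows the pattern the report describes, a sidebar that pastes external feed fields into HTML unfiltered, next to a hardened renderer that escapes titles and allows only http(s) links. The feed content, the `safe_link` helper and the function names are constructed for this example.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample feed (not from the report): an external feed whose second
# item carries a script tag in its title and a javascript: URL in its link.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example feed</title>
<item><title>Harmless entry</title><link>https://example.org/post/1</link></item>
<item><title>Hi &lt;script&gt;alert(1)&lt;/script&gt;</title>
<link>javascript:alert(document.cookie)</link></item>
</channel></rss>"""

SAFE_SCHEMES = {"http", "https"}


def safe_link(url):
    """Hypothetical helper: allow only absolute http(s) links, else return '#'."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme.lower() in SAFE_SCHEMES and parts.netloc:
        return url
    return "#"


def render_unfiltered(feed_xml):
    """The vulnerable pattern: feed fields are placed into HTML as-is, so the
    XML-decoded title '<script>...' lands in the page unchanged."""
    root = ET.fromstring(feed_xml)
    return "".join(
        '<li><a href="%s">%s</a></li>' % (item.findtext("link"), item.findtext("title"))
        for item in root.iter("item")
    )


def render_sidebar(feed_xml, max_items=10):
    """Hardened rendering: every untrusted field is escaped for its context.
    Titles are escaped as text; links are scheme-checked and attribute-escaped,
    so neither can break out of the markup or run script."""
    root = ET.fromstring(feed_xml)
    parts = ['<ul class="rss-sidebar">']
    for item in list(root.iter("item"))[:max_items]:
        title = (item.findtext("title") or "").strip()
        link = item.findtext("link") or ""
        parts.append(
            '<li><a href="%s">%s</a></li>'
            % (html.escape(safe_link(link), quote=True), html.escape(title))
        )
    parts.append("</ul>")
    return "\n".join(parts)
```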

The flaw has been remedied in version 1.2.1 of Serendipity. In addition, the new version provides a number of improvements and fixes for minor flaws. For instance, a new WordPress database importer reportedly facilitates the switch from WordPress to Serendipity.
