Vulnerabilities > CVE-2006-5499 - Cross-Site Scripting vulnerability in Serendipity Administration Page

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

serendipity

NVD

Published: 2006-10-25

Updated: 2018-10-17

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.

Vulnerable Configurations

Part	Description	Count
Application	Serendipity Serendipity Serendipity *	1

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html
http://secunia.com/advisories/22501
http://securityreason.com/securityalert/1771
http://securitytracker.com/id?1017100
http://www.hardened-php.net/advisory_112006.136.html
http://www.osvdb.org/29893
http://www.s9y.org/forums/viewtopic.php?t=7356
http://www.securityfocus.com/archive/1/449189/100/0/threaded
http://www.securityfocus.com/bid/20627
http://www.vupen.com/english/advisories/2006/4135
https://exchange.xforce.ibmcloud.com/vulnerabilities/29695