Share
## https://sploitus.com/exploit?id=PACKETSTORM:214743
Serendipity 1.6.2 - Cross-site Scripting
    Advisory ID: RO-13-002
    Severity: Medium
    Vendor: Serendipity
    Product: Serendipity
    Version: 1.6.2
    
    
    Overview #
    
    Multiple Cross-site Scripting (XSS) vulnerabilities exist in Serendipity version 1.6.2. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML.
    
    
    Vulnerability Details #
    
    Affected Versions: 1.6.2 and earlier
    
    Root Cause: Insufficient input validation and output encoding in the admin image selector.
    Technical Details #
    
    Vulnerable URLs in serendipity_admin_image_selector.php:
    
    /serendipity_admin_image_selector.php?serendipity[textarea]='%2Balert(0x000887)%2B'
    
    /serendipity_admin_image_selector.php?serendipity[htmltarget]='%2Balert(0x000A02)%2B'
    
    
    
    Exploitation Requirements #
    
        No authentication required
        Victim must click a crafted link
    
    Impact #
    
    Remote attackers can exploit these vulnerabilities to:
    
        Steal user session cookies
        Perform actions on behalf of users
        Redirect users to malicious websites
    
    
    
    Solution #
    
    Update to a patched version of Serendipity.
    
    
    References #
    
        Invicti Advisory NS-13-003
    
    Timeline:
    
        [2013-02-26] - First Contact
        [2013-03-04] - Sent Details
        [2013-07-12] - Advisory Released
    
    Credits: Omar Kurt