PublicDate: 2008-02-28 20:44:00 UTC
Candidate: CVE-2008-0124
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0124
Description:
 Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before
 1.3-beta1 allows remote authenticated users to inject arbitrary web script
 or HTML via (1) the "Real name" field in Personal Settings, which is
 presented to readers of articles; or (2) a file upload, as demonstrated by
 a .htm, .html, or .js file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469667
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_serendipity:
upstream_serendipity: released (1.3-beta1)
dapper_serendipity: DNE
edgy_serendipity: DNE
feisty_serendipity: needed (reached end-of-life)
gutsy_serendipity: needed (reached end-of-life)
hardy_serendipity: ignored (reached end-of-life)
intrepid_serendipity: not-affected (1.3.1-1)
jaunty_serendipity: not-affected (1.3.1-1)
karmic_serendipity: not-affected (1.3.1-1)
lucid_serendipity: not-affected (1.3.1-1)
maverick_serendipity: not-affected (1.3.1-1)
natty_serendipity: not-affected (1.3.1-1)
oneiric_serendipity: not-affected (1.3.1-1)
devel_serendipity: not-affected (1.3.1-1)