Serendipity 1.6.2 - Cross-site Scripting
Advisory ID: RO-13-002
Severity: Medium
Vendor: Serendipity
Product: Serendipity
Version: 1.6.2


Overview #

Multiple Cross-site Scripting (XSS) vulnerabilities exist in Serendipity version 1.6.2. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML.


Vulnerability Details #

Affected Versions: 1.6.2 and earlier

Root Cause: Insufficient input validation and output encoding in the admin image selector.
Technical Details #

Vulnerable URLs in serendipity_admin_image_selector.php:

/serendipity_admin_image_selector.php?serendipity[textarea]='%2Balert(0x000887)%2B'

/serendipity_admin_image_selector.php?serendipity[htmltarget]='%2Balert(0x000A02)%2B'



Exploitation Requirements #

    No authentication required
    Victim must click a crafted link

Impact #

Remote attackers can exploit these vulnerabilities to:

    Steal user session cookies
    Perform actions on behalf of users
    Redirect users to malicious websites



Solution #

Update to a patched version of Serendipity.


References #

    Invicti Advisory NS-13-003

Timeline:

    [2013-02-26] - First Contact
    [2013-03-04] - Sent Details
    [2013-07-12] - Advisory Released

Credits: Omar Kurt