Serendipity 1.6.2 - Cross-site Scripting

Advisory ID: RO-13-002
Severity: Medium
Vendor: Serendipity
Product: Serendipity
Version: 1.6.2

Overview #

Multiple Cross-site Scripting (XSS) vulnerabilities exist in Serendipity version 1.6.2. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML.

Vulnerability Details #

Affected Versions: 1.6.2 and earlier

Root Cause: Insufficient input validation and output encoding in the admin image selector.

Technical Details #

Vulnerable URLs in serendipity_admin_image_selector.php:

/serendipity_admin_image_selector.php?serendipity[textarea]='%2Balert(0x000887)%2B'

/serendipity_admin_image_selector.php?serendipity[htmltarget]='%2Balert(0x000A02)%2B'

Exploitation Requirements #

  • No authentication required
  • Victim must click a crafted link

Impact #

Remote attackers can exploit these vulnerabilities to:

  • Steal user session cookies
  • Perform actions on behalf of users
  • Redirect users to malicious websites

Solution #

Update to a patched version of Serendipity.

References #

Timeline:

  • [2013-02-26] - First Contact
  • [2013-03-04] - Sent Details
  • [2013-07-12] - Advisory Released

Credits: Omar Kurt