Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Serendipity | S9y | 0.7_beta1 (including) | 0.7_beta1 (including) |