CyberSec.Space Logo
Back to CVE Browser

CVE-2007-6205

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0570%
EPSS Percentile31.53th
PublishedDec 11, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.

Affected Platforms (CPE)

πŸ“¦
S9y

Serendipity

= 0.3
πŸ“¦
S9y

Serendipity

= 0.4
πŸ“¦
S9y

Serendipity

= 0.5
πŸ“¦
S9y

Serendipity

= 0.5_pl1
πŸ“¦
S9y

Serendipity

= 0.6
πŸ“¦
S9y

Serendipity

= 0.6_pl1
πŸ“¦
S9y

Serendipity

= 0.6_pl2
πŸ“¦
S9y

Serendipity

= 0.6_pl3
πŸ“¦
S9y

Serendipity

= 0.6_rc1
πŸ“¦
S9y

Serendipity

= 0.6_rc2
πŸ“¦
S9y

Serendipity

= 0.7
πŸ“¦
S9y

Serendipity

= 0.7.1
πŸ“¦
S9y

Serendipity

= 0.7_beta1
πŸ“¦
S9y

Serendipity

= 0.7_beta2
πŸ“¦
S9y

Serendipity

= 0.7_beta3
πŸ“¦
S9y

Serendipity

= 0.7_beta4
πŸ“¦
S9y

Serendipity

= 0.7_rc1
πŸ“¦
S9y

Serendipity

= 0.8
πŸ“¦
S9y

Serendipity

= 0.8.1
πŸ“¦
S9y

Serendipity

= 0.8.2
πŸ“¦
S9y

Serendipity

= 0.8.3
πŸ“¦
S9y

Serendipity

= 0.8.4
πŸ“¦
S9y

Serendipity

= 0.8.5
πŸ“¦
S9y

Serendipity

= 0.8_beta_5
πŸ“¦
S9y

Serendipity

= 0.8_beta_6
πŸ“¦
S9y

Serendipity

= 0.8_beta5
πŸ“¦
S9y

Serendipity

= 0.8_beta6
πŸ“¦
S9y

Serendipity

= 0.9
πŸ“¦
S9y

Serendipity

= 0.9.1
πŸ“¦
S9y

Serendipity

= 1.0.3
πŸ“¦
S9y

Serendipity

= 1.0.4
πŸ“¦
S9y

Serendipity

= 1.0_beta1
πŸ“¦
S9y

Serendipity

= 1.0_beta2
πŸ“¦
S9y

Serendipity

= 1.0_beta3
πŸ“¦
S9y

Serendipity

= 1.1.1
πŸ“¦
S9y

Serendipity

= 1.1.3
πŸ“¦
S9y

Serendipity

= 1.1.4

References & Advisories

πŸ”— http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html
πŸ”— http://osvdb.org/39143
πŸ”— http://secunia.com/advisories/28012
πŸ”— http://secunia.com/advisories/29502
πŸ”— http://securityreason.com/securityalert/3437
πŸ”— http://www.debian.org/security/2008/dsa-1528
πŸ”— http://www.int21.de/cve/CVE-2007-6205-s9y.html
πŸ”— http://www.securityfocus.com/archive/1/484800/100/0/threaded

Related Vulnerabilities

CVE-2005-144910.0

Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.

CVE-2005-145210.0

Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."

CVE-2020-109649.8

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may e...

CVE-2011-11349.8

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbit...