CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-6205

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0570%
EPSS Percentile31.53th
Published2007年12月11日
Last Modified2026年4月23日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.

Affected Platforms (CPE)

📦
S9y

Serendipity

= 0.3
📦
S9y

Serendipity

= 0.4
📦
S9y

Serendipity

= 0.5
📦
S9y

Serendipity

= 0.5_pl1
📦
S9y

Serendipity

= 0.6
📦
S9y

Serendipity

= 0.6_pl1
📦
S9y

Serendipity

= 0.6_pl2
📦
S9y

Serendipity

= 0.6_pl3
📦
S9y

Serendipity

= 0.6_rc1
📦
S9y

Serendipity

= 0.6_rc2
📦
S9y

Serendipity

= 0.7
📦
S9y

Serendipity

= 0.7.1
📦
S9y

Serendipity

= 0.7_beta1
📦
S9y

Serendipity

= 0.7_beta2
📦
S9y

Serendipity

= 0.7_beta3
📦
S9y

Serendipity

= 0.7_beta4
📦
S9y

Serendipity

= 0.7_rc1
📦
S9y

Serendipity

= 0.8
📦
S9y

Serendipity

= 0.8.1
📦
S9y

Serendipity

= 0.8.2
📦
S9y

Serendipity

= 0.8.3
📦
S9y

Serendipity

= 0.8.4
📦
S9y

Serendipity

= 0.8.5
📦
S9y

Serendipity

= 0.8_beta_5
📦
S9y

Serendipity

= 0.8_beta_6
📦
S9y

Serendipity

= 0.8_beta5
📦
S9y

Serendipity

= 0.8_beta6
📦
S9y

Serendipity

= 0.9
📦
S9y

Serendipity

= 0.9.1
📦
S9y

Serendipity

= 1.0.3
📦
S9y

Serendipity

= 1.0.4
📦
S9y

Serendipity

= 1.0_beta1
📦
S9y

Serendipity

= 1.0_beta2
📦
S9y

Serendipity

= 1.0_beta3
📦
S9y

Serendipity

= 1.1.1
📦
S9y

Serendipity

= 1.1.3
📦
S9y

Serendipity

= 1.1.4

References & Advisories

🔗 http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html
🔗 http://osvdb.org/39143
🔗 http://secunia.com/advisories/28012
🔗 http://secunia.com/advisories/29502
🔗 http://securityreason.com/securityalert/3437
🔗 http://www.debian.org/security/2008/dsa-1528
🔗 http://www.int21.de/cve/CVE-2007-6205-s9y.html
🔗 http://www.securityfocus.com/archive/1/484800/100/0/threaded

関連する脆弱性情報

CVE-2005-144910.0

Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.

CVE-2005-145210.0

Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."

CVE-2020-109649.8

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may e...

CVE-2011-11349.8

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbit...