Vulnerability Description
Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| S9Y | Serendipity | <= 1.7.2 |
Related Weaknesses (CWE)
References
- http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html
- http://www.opensyscom.fr/Actualites/serendipity-xss-vulnerability.html
- http://www.openwall.com/lists/oss-security/2013/09/01/1 (Patch)
- http://www.openwall.com/lists/oss-security/2013/09/01/3 (Patch)
- http://www.osvdb.org/87395
FAQ
What is CVE-2013-5670?
CVE-2013-5670 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to i...
How severe is CVE-2013-5670?
CVE-2013-5670 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-5670?
Check the references section above for vendor advisories and patch information. Affected products include: S9Y Serendipity.