CVE-2008-0751

S9Y Serendipity Event Freetag < 2.96 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Alexander Brachmann · textwebappsphp

https://www.exploit-db.com/exploits/31126

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://blog.s9y.org/archives/190-Freetag-plugin-updated-to-prevent-XSS.html

[Third Party Advisory] http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060122.html

[Third Party Advisory] http://secunia.com/advisories/28852

[Broken Link] http://www.bitsploit.de/uploads/Code/200802080000/

[Exploit, Patch, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27697

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/40376

Scores

EPSS 0.0050

EPSS Percentile 65.5%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

s9y/serendipity_event_freetag < 2.96

Timeline

Published Feb 13, 2008

Tracked Since Feb 18, 2026