CVE-2008-1385

Serendipity < 1.3.1 - Cross-Site Scripting via Referer HTTP Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1385. PoCs published by Hanno Boeck.

AI-analyzed exploit summary This exploit demonstrates an HTML injection and XSS vulnerability in S9Y Serendipity 1.3 by injecting malicious JavaScript via the HTTP referrer header. The PoC uses wget to send a crafted referrer header containing an onMouseOver event to trigger an alert.

Description

Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Hanno Boeck · textwebappsphp
https://www.exploit-db.com/exploits/31682

This exploit demonstrates an HTML injection and XSS vulnerability in S9Y Serendipity 1.3 by injecting malicious JavaScript via the HTTP referrer header. The PoC uses wget to send a crafted referrer header containing an onMouseOver event to trigger an alert.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: S9Y Serendipity 1.3
No auth needed
Prerequisites: Access to a tool like wget or curl to send crafted HTTP requests
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/491176/100/0/threaded
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28885
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1348/references
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29942
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41965
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019915
Various Sources x_refsource_misc
http://int21.de/cve/CVE-2008-1385-s9y.html

Scores

EPSS 0.0450
EPSS Percentile 90.3%

Details

CWE
CWE-79
Status published
Products (27)
s9y/serendipity 0.3
s9y/serendipity 0.4
s9y/serendipity 0.5_pl1
s9y/serendipity 0.6_pl3
s9y/serendipity 0.7
s9y/serendipity 0.7.1
s9y/serendipity 0.8
s9y/serendipity 0.8.1
s9y/serendipity 0.8.2
s9y/serendipity 0.8.3
... and 17 more
Published Apr 23, 2008
Tracked Since Feb 18, 2026