CVE-2008-1385
Serendipity <1.3.1 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Hanno Boeck · textwebappsphp
https://www.exploit-db.com/exploits/31682
References (9)
Scores
EPSS
0.0674
EPSS Percentile
91.2%
Classification
CWE
CWE-79
Status
draft
Affected Products (27)
s9y/serendipity
< 1.3
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
... and 12 more
Timeline
Published
Apr 23, 2008
Tracked Since
Feb 18, 2026