CVE-2004-2157 - Ratiocinative Angie

Description

Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1 and possibly other versions before 0.7-beta3 allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html http://www.securityfocus.com/bid/11269 http://securitytracker.com/id?1011448 http://secunia.com/advisories/12673/ https://exchange.xforce.ibmcloud.com/vulnerabilities/17536