Serene Bach Multiple Unspecified Cross-Site Scripting Vulnerabilities

Bugtraq ID:	21884
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 05 2007 12:00AM
Updated:	Jan 05 2007 09:41PM
Credit:	The vendor reported this issue.
Vulnerable:	SimpleBoxes/SerendipityNZ Ltd. Serene Bach 2.08D SimpleBoxes/SerendipityNZ Ltd. Serene Bach 2.05R SimpleBoxes/SerendipityNZ Ltd. Serene Bach 1.18R SimpleBoxes/SerendipityNZ Ltd. Serene Bach 1.13D
Not Vulnerable:	SimpleBoxes/SerendipityNZ Ltd. Serene Bach 2.09R SimpleBoxes/SerendipityNZ Ltd. Serene Bach 1.19R

Serene Bach Multiple Unspecified Cross-Site Scripting Vulnerabilities

Serene Bach is prone to multiple unspecified cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary HTML and script code in a userâ??s browser session in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect versions 2.08D, 2.05R, 1.13D, and 1.18R.

Serene Bach Multiple Unspecified Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues to entice an unsuspecting victim to follow a malicious URI.

Serene Bach Multiple Unspecified Cross-Site Scripting Vulnerabilities

Solution:
The vendor has released updates to address these issues. Please see the references for more information.

Serene Bach Multiple Unspecified Cross-Site Scripting Vulnerabilities

References:

• Serene Bach Homepage (SimpleBoxes/SerendipityNZ Ltd.)
  
• Serene Bach Release Notes 1.19R (SimpleBoxes/SerendipityNZ Ltd.)
  
• Serene Bach Release Notes 2.09R (SimpleBoxes/SerendipityNZ Ltd.)