CVE-2007-6205

Name of the Vulnerable Software and Affected Versions S9Y Serendipity versions prior to 1.2.1

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via a link in an RSS feed. This is related to the remote RSS sidebar plugin.

Recommendations For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider disabling the remote RSS sidebar plugin until a patch is available.