PT-2007-7247 · Serendipity · Serendipity Mycalendar Plugin

Hanno Böck · Published 2007-12-17 · Updated 2008-09-05 · CVE-2007-6390

CVSS v2.0

4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Serendipity mycalendar plugin versions prior to 0.13

Description

A cross-site request forgery (CSRF) issue allows remote attackers to perform actions as blog administrators. This can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page.

Recommendations

For versions prior to 0.13, update to version 0.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the mycalendar plugin until a patch is applied.

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2007-6390

Affected Products

Serendipity Mycalendar Plugin