CVE-2008-0751

Name of the Vulnerable Software and Affected Versions S9Y Serendipity Freetag plugin version prior to 2.96

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via the PATH INFO to the plugin/tag/ endpoint. This issue is specifically exploitable when using Internet Explorer 6 or 7.

Recommendations For S9Y Serendipity Freetag plugin version prior to 2.96, update to version 2.96 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin/tag/ endpoint until the update is applied.