Cross Site Scripting (XSS) in serendipity 1.3 referrer plugin, CVE-2008-1385



In the referrer plugin of the blog application serendipity, the referrer string is not escaped, thus leading to a permanent XSS.


One can inject malicious javascript code with:

wget --referer='http://<hr onMouseOver="alert(7)">'

If you are using the referrer plugin, upgrade to 1.3.1.

Disclosure Timeline

2008-03-18 Vendor contacted
2008-03-18 Vendor answered
2008-03-18 Vendor fixed issue in trunk/branch revision
2008-04-22 Vendor released 1.3.1
2008-04-22 Advisory published

CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-1385 to this issue. This is a candidate for inclusion in the CVE list (, which standardizes names for security problems.

Credits and copyright

This vulnerability was discovered by Hanno Boeck of webhosting. It's licensed under the creative commons attribution license.

Hanno Boeck, 2008-04-xx,