In the referrer plugin of the blog application Serendipity, the referrer string is not escaped, which leads to a permanent (stored) XSS.
wget --referer='http://<hr onMouseOver="alert(7)">' http://someblog.com/
If you are using the referrer plugin, upgrade to 1.3.1.
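The class of fix, as an added example that is not Serendipity's own code: the stored referrer is HTML-encoded at output time and only http(s) values are turned into links. The function names and the list markup are hypothetical; the sample value is the one from the wget command above.

```php
<?php
// Added illustration; not taken from Serendipity. Function names are hypothetical.

// Constructed sample: the Referer value sent by the advisory's wget command.
$storedReferrer = 'http://<hr onMouseOver="alert(7)">';

// Vulnerable pattern: the stored header value is written into the page as-is,
// so any markup it contains becomes part of the document for every visitor.
function render_referrer_unsafe(string $ref): string
{
    return '<li><a href="' . $ref . '">' . $ref . '</a></li>';
}

// Hardened pattern: encode on output and only link http(s) URLs.
function render_referrer_safe(string $ref): string
{
    // ENT_QUOTES encodes both quote styles, so the value cannot leave the
    // href attribute; ENT_SUBSTITUTE replaces invalid UTF-8 byte sequences.
    $text = htmlspecialchars($ref, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // parse_url() may return null or false for malformed input; the cast
    // turns either into '' and the value is then shown as plain text.
    $scheme = strtolower((string) parse_url($ref, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        return '<li>' . $text . '</li>';
    }
    return '<li><a href="' . $text . '" rel="nofollow noopener">' . $text . '</a></li>';
}

echo render_referrer_unsafe($storedReferrer), "\n";
echo render_referrer_safe($storedReferrer), "\n";
```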
2008-03-18 Vendor contacted
2008-03-18 Vendor answered
2008-03-18 Vendor fixed issue in trunk/branch revision
2008-04-22 Vendor released 1.3.1
2008-04-22 Advisory published
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-1385 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. This advisory is licensed under the Creative Commons Attribution license.
Hanno Boeck, 2008-04-xx, http://www.hboeck.de