Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/.
Software | From | Fixed in |
---|---|---|
s9y / serendipity_event_freetag | - | 2.96 |