Security fix for flash-based cloud in Freetag plugin

MustLive discovered an HTML injection vulnerability in the tagcloud.swf Flash file that the Freetag plugin bundles and makes optionally available.

The issue is fixed in version 1.23 of the Flash file, which has now been committed to the Serendipity plugin (in version 3.30).

Since the .swf file is always bundled with the update, all users are advised to update to the latest version of the plugin, or to delete that specific .swf file.

Thanks to MustLive for sharing the information with us.



Steve:

Thanks Garv, but how is this injection triggered? How can I see if anyone already used this vulnerability?

Witi:

*bump* Would be nice information.
