Vulnerabilities

CVE-2015-2289

by Fred · 23/03/2015

Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.

Date published : 2015-03-23

http://www.securityfocus.com/archive/1/534871/100/0/threaded

http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html

Similar

Tags: Cybersecurity Alert