S9Y » Serendipity : Security Vulnerabilities, CVEs, Published In 2015 (XSS)
Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.
Max CVSS
4.3
EPSS Score
0.23%
Published
2015-09-16
Updated
2015-09-16
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.
Max CVSS
3.5
EPSS Score
0.14%
Published
2015-03-23
Updated
2018-10-09
2 vulnerabilities found