S9Y Serendipity : Security vulnerabilities, CVEs xss, cross site scripting published in April 2017

CVE-2017-8102

Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.

Max CVSS

5.4

EPSS Score

0.08%

Published

2017-04-24

Updated

2017-04-28

1 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!

Accept Close

S9Y » Serendipity : Security Vulnerabilities, CVEs, Published In April 2017 (XSS)

CVE-2017-8102