Cross-Site Scripting Vulnerability in Serendipity by Xinha
CVE-2011-1135

6.1MEDIUM

Key Information:

Vendor

S9y

Status
Serendipity
Vendor
CVE Published:
5 November 2019

What is CVE-2011-1135?

The Xinha component included in Serendipity versions prior to 1.5.5 is susceptible to Cross-Site Scripting (XSS). This vulnerability allows remote attackers to inject and execute arbitrary code via crafted input in specific manager files, including plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. Exploitation of this flaw could result in unauthorized actions and compromise the security and integrity of the affected website.

References

https://blog.s9y.org/archives/224-Important-Security-Upda...
x_refsource_CONFIRM
https://www.openwall.com/lists/oss-security/2011/03/02/5
x_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.