Cross-Site Scripting Vulnerability in Serendipity by S9Y
CVE-2015-2289

Currently unrated

Key Information:

Vendor: S9y
Status: Serendipity
Vendor: CVE Published:; 23 March 2015

What is CVE-2015-2289?

A cross-site scripting vulnerability exists in Serendipity prior to version 2.0.1, allowing remote authenticated editors to inject arbitrary web scripts or HTML through the 'serendipity[cat][name]' parameter in 'serendipity_admin.php' when creating a new category. This can lead to unauthorized manipulation of content and could compromise the security of the site.

References

http://www.securityfocus.com/archive/1/534871/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/130838/Serendipity-C...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2015/03/14/1

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2015
Vulnerability Reserved
Mar 13, 2015

JSON

S9y

What is CVE-2015-2289?

References

Timeline