Cross-Site Scripting Vulnerability in 2k11 Theme of Serendipity
CVE-2015-6969

Currently unrated

Key Information:

Vendor: S9y
Status: Serendipity
Vendor: CVE Published:; 16 September 2015

What is CVE-2015-6969?

The 2k11 theme used in Serendipity prior to version 2.0.2 is susceptible to a cross-site scripting attack. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML into user comments, which are inadequately filtered in the Reply link functionality. This makes it possible for an attacker to execute malicious scripts in the context of users' browsers if they interact with the compromised comments, potentially leading to further security risks.

References

http://blog.curesec.com/article/blog/Serendipity-201-Pers...

x_refsource_MISC

http://seclists.org/fulldisclosure/2015/Sep/9

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/133427/Serendipity-2...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 16, 2015

JSON

S9y

What is CVE-2015-6969?

References

Timeline