Cross-Site Scripting Vulnerability in Serendipity by Serendipity Team
CVE-2016-10737

5.4MEDIUM

Key Information:

Vendor: S9y
Status: Serendipity
Vendor: CVE Published:; 16 January 2019

What is CVE-2016-10737?

The vulnerability in Serendipity 2.0.4 allows an attacker to exploit cross-site scripting via the 'serendipity[body]' parameter in 'serendipity_admin.php'. By injecting malicious scripts, an attacker can execute arbitrary JavaScript in the context of a user’s session. This could lead to unauthorized actions or data theft, highlighting the need for prompt updates and security measures.

References

https://www.exploit-db.com/exploits/40650

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 16, 2019

JSON

S9y

What is CVE-2016-10737?

References

CVSS V3.1

Timeline