Cross-Site Scripting Vulnerabilities in Serendipity CMS by Serendipity Development Team
CVE-2016-9681
5.4MEDIUM
What is CVE-2016-9681?
Multiple cross-site scripting (XSS) vulnerabilities exist in Serendipity CMS versions before 2.0.5, enabling remote authenticated users to inject arbitrary web scripts or HTML through category or directory names. This could lead to unauthorized actions, data leakage, and compromised user accounts.