Stored Cross-Site Scripting Vulnerability in Serendipity by Serendipity Project
CVE-2017-8102

5.4MEDIUM

Key Information:

Vendor: S9y
Status: Serendipity
Vendor: CVE Published:; 24 April 2017

What is CVE-2017-8102?

A stored cross-site scripting vulnerability exists in Serendipity v2.1-rc1 that allows unauthorized users to create malicious entries that can compromise admin cookies and sensitive information. This issue arises from the absence of proper sanitization in the serendipity_event_xsstrust plugin coupled with a configuration error. Attackers can exploit this vulnerability to execute malicious scripts in the context of the admin user.

References

http://seclists.org/fulldisclosure/2017/Apr/44

x_refsource_MISC

https://github.com/s9y/Serendipity/issues/456

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 24, 2017

JSON

S9y

What is CVE-2017-8102?

References

CVSS V3.1

Timeline