serendipity -- XSS

2019-05-01T00:00:00
ID 3BA87032-7FBD-11E9-8A5F-C85B76CE9B5A
Type freebsd
Reporter FreeBSD
Modified 2019-05-01T00:00:00

Description

MITRE:

Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.