CVE-2015-6969

Cross-site scripting XSS vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link...

CVE-2015-6969

Cross-site scripting XSS vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link...

Cross site scripting

Cross-site scripting XSS vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link...

CVE-2015-6969

This CVE refers to a Cross-site Scripting (XSS) flaw in the Serendipity 2k11 theme, specifically in js/2k11.min.js, affecting Serendipity before 2.0.2. The root cause is improper handling of usernames in comments via jQuery.text() in the Reply link, enabling remote attackers to inject arbitrary s...

CVE-2015-6969

Cross-site scripting XSS vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link...

Serendipity 2.0.1 Cross Site Scripting

Serendipity 2.0.1: Persistent XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected] Vulnerabili...

CVE-2015-2289

Cross-site scripting XSS vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipitycatname parameter to serendipityadmin.php, when creating a new category...