6 matches found
CVE-2015-6969
Cross-site scripting XSS vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link...
CVE-2015-6969
Cross-site scripting XSS vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link...
Cross site scripting
Cross-site scripting XSS vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link...
CVE-2015-6969
Cross-site scripting XSS vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link...
CVE-2015-6969
This CVE refers to a Cross-site Scripting (XSS) flaw in the Serendipity 2k11 theme, specifically in js/2k11.min.js, affecting Serendipity before 2.0.2. The root cause is improper handling of usernames in comments via jQuery.text() in the Reply link, enabling remote attackers to inject arbitrary s...
Serendipity 2.0.1 Cross Site Scripting
Serendipity 2.0.1: Persistent XSS Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected] Vulnerabili...