CVE-2015-2289
CVE-2015-2289 is a cross-site scripting (XSS) vulnerability in Serendipity prior to 2.0.1; the flaw is in templates/2k11/admin/entries.tpl. Remote authenticated editors can inject arbitrary script/HTML via the serendipity[cat][name] parameter to serendipity_admin.php when creating a new category. Root cause i...