4 matches found
CVE-2015-6969
Cross-site scripting XSS vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link...
CVE-2015-6969
Cross-site scripting XSS vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link...
CVE-2015-6969
Cross-site scripting XSS vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link...
CVE-2015-6969
This CVE refers to a Cross-site Scripting (XSS) flaw in the Serendipity 2k11 theme, specifically in js/2k11.min.js, affecting Serendipity before 2.0.2. The root cause is improper handling of usernames in comments via jQuery.text() in the Reply link, enabling remote attackers to inject arbitrary s...