CVE-2016-9681

Multiple cross-site scripting XSS vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name...

CVE-2016-9681

Multiple cross-site scripting XSS vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name...

CVE-2016-9681

CVE-2016-9681 concerns Serendipity (PHP-based blog) versions prior to 2.0.5. The vulnerability is a stored XSS in the templates/2k11/admin/category.inc.tpl caused by improper validation of category/directory names, exploitable by an authenticated remote attacker to inject arbitrary script/HTML. T...