CVE-2017-8102
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin’s cookie and other information by crafting a new entry as an editor user. The root cause is related to the absence of the serendipity_event_xsstrust plugin and a set_config error in that plugin. No explicit remediation is pro...