Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4090)

Description

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.

Remediation

References

Related Vulnerabilities

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5631)

WordPress Plugin Top 10-Popular posts for WordPress Cross-Site Request Forgery (1.9.2)

MySQL CVE-2018-3162 Vulnerability (CVE-2018-3162)

WordPress Plugin Podlove Podcast Publisher Multiple Vulnerabilities (2.3.15)

WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.4)

Severity

Medium

Classification

CVE-2011-4090 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities