Description

Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.

Remediation

References

CVE-2013-5670

Related Vulnerabilities

WordPress Plugin LeagueManager SQL Injection (3.8)

MySQL CVE-2022-21307 Vulnerability (CVE-2022-21307)

WordPress Other Vulnerability (CVE-2006-0985)

WordPress Plugin MATRIX 3D Cross-Site Scripting (1.2)

WordPress Plugin WP-TopBar Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (4.02)

Severity

Medium

Classification

CVE-2013-5670 CWE-707

Tags

Missing Update Known Vulnerabilities