Description

Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.

Remediation

References

CVE-2015-2289

Related Vulnerabilities

MySQL CVE-2014-2430 Vulnerability (CVE-2014-2430)

MySQL CVE-2023-21976 Vulnerability (CVE-2023-21976)

PostgreSQL Other Vulnerability (CVE-2002-0972)

MySQL CVE-2020-14891 Vulnerability (CVE-2020-14891)

WordPress 5.1.x PHP Object Injection (5.1 - 5.1.9)

Severity

Low

Classification

CVE-2015-2289 CWE-707

Tags

Missing Update Known Vulnerabilities