Description
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.
Remediation
References
Related Vulnerabilities
Perl Out-of-bounds Write Vulnerability (CVE-2018-6913)
Oracle Database Server CVE-2008-1817 Vulnerability (CVE-2008-1817)
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2018-20148)
WordPress Plugin Simply Instagram Cross-Site Scripting (1.2.6)
WordPress Plugin Comment Rating 'id' Parameter SQL Injection (2.9.23)