Description

Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.

Remediation

References

CVE-2015-6969

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-0988)

Drupal Core 8.8.x Cross-Site Scripting (8.8.0 - 8.8.5)

WordPress Plugin Business Hours Pro Arbitrary File Upload (5.5.0)

PHP Improper Input Validation Vulnerability (CVE-2012-0788)

Joomla Missing Authorization Vulnerability (CVE-2021-23123)

Severity

Medium

Classification

CVE-2015-6969 CWE-707

Tags

Missing Update Known Vulnerabilities