Description
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
Remediation
References