Description
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-2562 Vulnerability (CVE-2018-2562)
WebLogic CVE-2020-2766 Vulnerability (CVE-2020-2766)
WordPress Plugin WooCommerce Dynamic Pricing & Discounts Multiple Vulnerabilities (2.4.1)
WordPress Plugin WPPizza Cross-Site Scripting (2.11.8.17)
WordPress Plugin Improved Product Options for WooCommerce Security Bypass (5.2.0)