Description

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.

Remediation

References

CVE-2011-1134

Related Vulnerabilities

WordPress Plugin Import all XML, CSV & TXT into WordPress Information Disclosure (3.6.74)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-3557)

MySQL CVE-2017-10283 Vulnerability (CVE-2017-10283)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14748)

WordPress Plugin PhonePe Payment Solutions Server-Side Request Forgery (1.0.15)

Severity

Critical

Classification

CVE-2011-1134 CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities