QwikSec

Security Database

CVE

CWE

Training

CVE-2015-2289

Published: Mar 23, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20150313 Serendipity CMS - XSS Vulnerability in Version 2.0

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/130838/Serendipity-CMS-2.0-Cross-Site-Scripting.html

x_refsource_MISC

[oss-security] 20150314 CVE-2015-2289: Serendipity CMS cross-site scripting vulnerability in 2.0 version

mailing-list

x_refsource_MLIST

http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html

x_refsource_CONFIRM

https://github.com/s9y/Serendipity/commit/a30886d3bb9d8eeb6698948864c77caaa982435d

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.