XSS in S9y Serendipity

CVE-2015-2289

Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_adm…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (52.4th percentile) — read the EPSS interpretation.

Affected products

S9y Serendipity
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

20150313 Serendipity CMS - XSS Vulnerability in Version 2.0 (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (Exploit, x_refsource_MISC)
[oss-security] 20150314 CVE-2015-2289: Serendipity CMS cross-site scripting vulnerability in 2.0 version (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
1031961 (vdb-entry, x_refsource_SECTRACK)