Skip to main content

Serendipity CVE-2015-6969

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2015-09-16 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 16, 2015 - 14:59 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.

AnalysisAI

Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link. Affected products include: S9Y Serendipity. Version information: before 2.0.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-31576 HIGH POC
8.8 May 16

An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted

CVE-2012-2332 HIGH POC
7.5 Aug 13

SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to

CVE-2012-2331 MEDIUM POC
4.3 Aug 13

Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1

CVE-2015-6968 MEDIUM POC
6.5 Sep 16

Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.p

CVE-2016-10082 CRITICAL
9.8 Dec 30

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Exe

CVE-2015-6943 MEDIUM POC
6.0 Sep 15

SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Seren

CVE-2020-10964 CRITICAL
9.8 Mar 25

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed

CVE-2016-9681 MEDIUM POC
5.4 Dec 25

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inje

CVE-2015-8603 MEDIUM POC
5.4 Jan 12

Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web scr

CVE-2017-8102 MEDIUM POC
5.4 Apr 24

Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a ne

CVE-2017-5609 HIGH
8.8 Jan 28

SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users

CVE-2017-5476 HIGH
8.8 Jan 14

Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. Rated high severity (

Share

CVE-2015-6969 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy