Description
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.
Remediation
References
Related Vulnerabilities
PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1868)
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2020-13950)
MySQL CVE-2019-2502 Vulnerability (CVE-2019-2502)
Drupal Core 9.1.x Multiple Security Bypass Vulnerabilities (9.1.0 - 9.1.12)
WordPress Plugin ShiftNav-Responsive Mobile Menu Cross-Site Scripting (1.5.2)