Description

Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php.

Remediation

References

CVE-2015-8603

Related Vulnerabilities

Moodle Resource Management Errors Vulnerability (CVE-2015-2268)

WordPress Plugin Ad Swapper Cross-Site Scripting (1.0.3)

WordPress Plugin Relevanssi-A Better Search SQL Injection (3.6.0)

Oracle Database Server CVE-2015-4921 Vulnerability (CVE-2015-4921)

WordPress Plugin MPL-Publisher-Create your Ebook & Audiobook Cross-Site Scripting (1.29.1)

Severity

Medium

Classification

CVE-2015-8603 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities