Description

Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.

Remediation

References

CVE-2004-2525

Related Vulnerabilities

IBM WebSEAL Insertion of Sensitive Information into Log File Vulnerability (CVE-2017-1480)

Next.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-6184)

MySQL CVE-2019-2607 Vulnerability (CVE-2019-2607)

WordPress Plugin Brizy-Page Builder Unspecified Vulnerability (2.4.45)

PHP Improper Access Control Vulnerability (CVE-2016-5385)

Severity

Medium

Classification

CVE-2004-2525

Tags

Missing Update Known Vulnerabilities