Description

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.

Remediation

References

CVE-2011-1134

Related Vulnerabilities

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10353)

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-23214)

WordPress Plugin Super Store Finder for WordPress (Google Maps Store Locator) SQL Injection (6.3)

WordPress Plugin Import/Export Customizer Settings Cross-Site Request Forgery (1.0.3)

MySQL CVE-2019-2436 Vulnerability (CVE-2019-2436)

Severity

Critical

Classification

CVE-2011-1134 CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities