Описание
Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post.
Ссылки
- Product
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:s9y:serendipity:2.4.0:-:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.0003
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
debian
около 2 месяцев назад
Serendipity 2.4.0 contains a stored cross-site scripting vulnerability ...
CVSS3: 4.6
github
около 2 месяцев назад
Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post.
EPSS
Процентиль: 8%
0.0003
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79