Posted by Wester 95 on Apr 09
Hi team,
I would like to request one CVE id for this, thank you!
Details
======
Software: s9y Serendipity
Version: 2.1-rc1
Homepage: https://docs.s9y.org/
=======
Description
================
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal the admin’s cookie and other information
===========
POC
==========
1. Log in as a common editor user
2. Open a new entry, then write:
<img src=1 onerror=alert(document.cookie)>…
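
A defender-side check for the payload class shown in the PoC, added here as an example (not part of the original post and not Serendipity code): it parses stored entry bodies and flags inline event handlers and script-capable URLs. The sample rows, their ids and roles, and all function names are constructed; how entries are exported from the database is assumed.

```python
from html.parser import HTMLParser

# URL-valued attributes that can carry a script-capable scheme.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class EntryAuditor(HTMLParser):
    """Collects markup in an entry body that can run script when rendered."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append((tag, None, "script element"))
        for name, value in attrs:
            # Browsers drop tabs/newlines inside a URL scheme, so compare without them.
            compact = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append((tag, name, "inline event handler"))
            elif name in URL_ATTRS and compact.startswith(BAD_SCHEMES):
                self.findings.append((tag, name, "script-capable URL"))


def audit_entry(body):
    """Return a list of (tag, attribute, reason) findings for one entry body."""
    auditor = EntryAuditor()
    auditor.feed(body)
    auditor.close()
    return auditor.findings


# Constructed sample rows: (entry id, author role, body). Row 2 is the payload
# quoted in the report; the ids, roles and other bodies are made up.
SAMPLE_ENTRIES = [
    (1, "admin", '<p>Notes: <a href="https://docs.s9y.org/">docs</a></p>'),
    (2, "editor", "<img src=1 onerror=alert(document.cookie)>"),
    (3, "editor", '<a href="java\tscript:void(0)">link</a>'),
]


def flagged_entries(entries):
    """Map entry id -> findings for entries with at least one finding."""
    return {eid: f for eid, _role, body in entries if (f := audit_entry(body))}


if __name__ == "__main__":
    print(flagged_entries(SAMPLE_ENTRIES))
```

A finding on an entry written by a lower-privileged account is the case the report describes; marking the session cookie HttpOnly additionally keeps `document.cookie` from exposing it to injected script.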