Posted by Steffen Rösemann on Dec 23

Advisory: Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1

Advisory ID: SROEADV-2014-02

Author: Steffen Rösemann

Affected Software: CMS Serendipity v.2.0-rc1 (Release: 20th Dec 2014)

Vendor URL: http://www.s9y.org/

Vendor Status: fixed

CVE-ID: –

==========================

Vulnerability Description:

==========================

The Content Management System Serendipity v.2.0-rc1 has a stored
XSS-vulnerability in its comment…