Vulnerability Description
Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| S9Y | Serendipity | <= 2.0.1 |
Related Weaknesses (CWE)
References
- http://blog.curesec.com/article/blog/Serendipity-201-Persistent-XSS-51.htmlExploit
- http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.htmlPatchVendor Advisory
- http://packetstormsecurity.com/files/133427/Serendipity-2.0.1-Cross-Site-ScriptiExploit
- http://seclists.org/fulldisclosure/2015/Sep/9ExploitPatch
- http://blog.curesec.com/article/blog/Serendipity-201-Persistent-XSS-51.htmlExploit
- http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.htmlPatchVendor Advisory
- http://packetstormsecurity.com/files/133427/Serendipity-2.0.1-Cross-Site-ScriptiExploit
- http://seclists.org/fulldisclosure/2015/Sep/9ExploitPatch
FAQ
What is CVE-2015-6969?
CVE-2015-6969 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, wh...
How severe is CVE-2015-6969?
CVE-2015-6969 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6969?
Check the references section above for vendor advisories and patch information. Affected products include: S9Y Serendipity.