CVE-2015-6969

Published: 16 September 2015

Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.

Priority

Status

Package	Release	Status
serendipity Launchpad, Ubuntu, Debian	precise	Not vulnerable (2k11.min.js not present)
	trusty	Does not exist
	upstream	Released (2.0.2)
	vivid	Does not exist

References

http://seclists.org/fulldisclosure/2015/Sep/9
http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html
http://packetstormsecurity.com/files/133427/Serendipity-2.0.1-Cross-Site-Scripting.html
http://blog.curesec.com/article/blog/Serendipity-201-Persistent-XSS-51.html
https://www.cve.org/CVERecord?id=CVE-2015-6969
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.