CVE-2016-10737

hsalo
Posts: 1
Joined: Mon Jan 21, 2019 12:13 pm

Post by hsalo » Mon Jan 21, 2019 12:33 pm

Hello,

Vulnerability CVE-2016-10737 is described as:

Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.

with https://www.exploit-db.com/exploits/40650 as reference.

In what release is this vulnerability fixed?

onli
Regular
Posts: 2264
Joined: Tue Sep 09, 2008 10:04 pm

Re: CVE-2016-10737

Post by onli » Wed Jan 23, 2019 6:48 pm

https://github.com/s9y/Serendipity/releases/tag/2.1.3 might reference that with "Prevent XSS in the "Edit entries" panel".
