CVE-2016-10737

Posted: Mon Jan 21, 2019 12:33 pm
by hsalo
Hello,

Vulnerability CVE-2016-10737 is described as:

Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.

with https://www.exploit-db.com/exploits/40650 as reference.

In what release is this vulnerability fixed?

Re: CVE-2016-10737

Posted: Wed Jan 23, 2019 6:48 pm
by onli
https://github.com/s9y/Serendipity/releases/tag/2.1.3 might reference that with "Prevent XSS in the "Edit entries" panel".