Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package prior to 1.5.5, allows remote malicious users to execute arbitrary code in the image manager.
Debian Bug report logs - #611661
Bundled plugins using Xinha allow malicious file uploads
Package: serendipity; Maintainer for serendipity is (unknown);
Reported by: "Daniel E Markle" <dmarkle@ashtechnet>
Date: Mon, 31 Jan 2011 18:45:01 UTC
Severity: grave
Tags: security
Found in version serendipity/153-2
Fixed in ver ...