Stored XSS in Serendipity v2.1-rc1 allows an malicious user to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
s9y serendipity 2.1 |