Riss Mcree

**Name of the Vulnerable Software and Affected Versions** Serendipity versions prior to 1.5.5 Xinha (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary code. This is due to a Cross-Site Scripting (XSS) flaw in Xinha, which is included in the Serendipity package. The affected files are plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. **Recommendations** For Serendipity versions prior to 1.5.5, update to version 1.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php files until a patch is available.