PT-2019-12531 · Serendipity · Serendipity

Hanno Böck

Publicado

2019-05-09

Atualizado

2019-05-10

CVE-2019-11870

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Serendipity versions prior to 2.1.5

Description The issue arises from mishandled EXIF data in the Editor Preview feature of the templates/2k11/admin/media choose.tpl or the Media Library feature of the templates/2k11/admin/media items.tpl, leading to a cross-site scripting (XSS) vulnerability.

Recommendations For versions prior to 2.1.5, update to version 2.1.5 or later to resolve the issue. As a temporary workaround, consider disabling the Editor Preview feature in the templates/2k11/admin/media choose.tpl and restricting access to the Media Library feature in the templates/2k11/admin/media items.tpl until the update is applied.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-11870

Produtos afetados

Serendipity

PT-2019-12531 · Serendipity · Serendipity

CVE-2019-11870

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6