CVE-2011-1135

Name of the Vulnerable Software and Affected Versions Serendipity versions prior to 1.5.5 Xinha (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary code. This is due to a Cross-Site Scripting (XSS) flaw in Xinha, which is included in the Serendipity package. The affected files are plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.

Recommendations For Serendipity versions prior to 1.5.5, update to version 1.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php files until a patch is available.