CVE-2015-6969

Name of the Vulnerable Software and Affected Versions Serendipity versions prior to 2.0.2

Description A cross-site scripting (XSS) issue exists due to improper handling of user input in the 2k11 theme, specifically in the js/2k11.min.js file. This allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which can be triggered through a Reply link.

Recommendations For versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue. As a temporary workaround, consider disabling the Reply link functionality in the 2k11 theme until the update is applied.