PT-2019-6615 · Serendipity · Serendipity
David Vieira-Kurz · Published 2019-11-05 · Updated 2019-11-08 · CVE-2011-1133

| CVSS v2.0 | 4.3 (Medium) |
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Serendipity versions prior to 1.5.5
Description
The issue allows remote attackers to inject and execute arbitrary web script or HTML in the context of the affected site (Cross-Site Scripting, XSS). The flaw is in Xinha, the WYSIWYG editor bundled with the Serendipity package, and is reachable via the backend.php file in the plugins/ExtendedFileManager directory. Note that the CVSS vector (C:N/I:P/A:N) reflects script execution in a victim's browser, not arbitrary code execution on the server; as with other XSS issues, impact depends on a user of the site, typically an administrator working in the editor, loading attacker-controlled content.
Recommendations
For versions prior to 1.5.5, update to version 1.5.5 or later, which resolves the issue. As a temporary workaround, restrict access to the backend.php file in the plugins/ExtendedFileManager directory at the web-server level (deny it outright, or limit it to administrator addresses) to minimize the risk of exploitation. The ExtendedFileManager plugin depends on this file, so expect its functionality to be unavailable while the restriction is in place.
Tags: Fix · RCE · XSS
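The web-server restriction suggested under Recommendations, written out as an added example (not part of this advisory or of the Serendipity/Xinha projects). It assumes Apache httpd with AllowOverride enabled for the plugin directory and that the file is dropped as .htaccess into plugins/ExtendedFileManager itself, so no site-specific path has to be hard-coded; the 192.0.2.0/24 administrator network is an assumed placeholder.

```apache
# Added example, not advisory or project code: .htaccess placed in the
# plugins/ExtendedFileManager directory to block backend.php until Serendipity
# is upgraded to 1.5.5 or later. Assumes Apache httpd with AllowOverride
# enabled for this directory.

<Files "backend.php">
    # Apache 2.4+ (mod_authz_core present): deny everyone.
    # To keep the file manager usable for administrators instead, replace
    # "Require all denied" with "Require ip 192.0.2.0/24" (assumed admin range).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2 fallback: equivalent Order/Deny rules.
    # For an admin-only variant add "Allow from 192.0.2.0/24" after "Deny from all".
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>
```

After deploying, request backend.php over HTTP from a non-administrator address and confirm the server answers 403 rather than serving the script; an equivalent nginx rule is a `location` block matching the same path with `deny all;`. Remove the restriction only after the upgrade to 1.5.5 or later has been verified.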
Affected Products
Serendipity