CNNVD-202512-3184 Information
CNNVD ID
CNNVD-202512-3184
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
Serendipity是Serendipity团队的一套基于PHP的博客系统。该系统支持创建在线日记、博客、网页等。 Serendipity 2.4.0版本存在跨站脚本漏洞,该漏洞源于经过身份验证的用户可通过创建博客条目注入恶意脚本,可能导致存储型跨站脚本攻击。
Description (English)
Serendipity is a PHP-based blog system for the Serendipity team. The system supports the creation of online journals, blogs, web pages, etc. Version 2.4.0 of Serendipity has a cross-site script loophole, which stems from the fact that an identified user can inject a malicious script by creating a blog entry, which could lead to a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Serendipity
Published
2025-12-17
Last Modified
2026-02-24
References
https://www.vulncheck.com/advisories/serendipity-stored-cross-site-scripting-via-admin-entry-creation https://docs.s9y.org/ https://www.exploit-db.com/exploits/51373 https://access.redhat.com/security/cve/cve-2023-53932
Patch
https://docs.s9y.org/downloads.html
Share on: