NVD

Id
44144  
Name
CVE-2012-2331  
Description
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2012-08-13  
Modified Date
2012-08-14  
Seq
2012-2331  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
221725 44144 CVE-2012-2331 20120508 Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability  View
221726 44144 CVE-2012-2331 http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html  View
221727 44144 CVE-2012-2331 http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt  View
221728 44144 CVE-2012-2331 [oss-security] 20120508 CVE request: XSS and SQL injection in serendipity before 1.7.1  View
221729 44144 CVE-2012-2331 [oss-security] 20120508 Re: CVE request: XSS and SQL injection in serendipity before 1.7.1  View
221730 44144 CVE-2012-2331 http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html  View
221731 44144 CVE-2012-2331 53418  View
221732 44144 CVE-2012-2331 https://github.com/s9y/Serendipity/commit/264bf55719baacc069ff9d3cc35f0c349cde11e3  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
27877 JVNDB-2012-003584 Serendipity におけるクロスサイトスクリプティングの脆弱性 Serendipity の serendipity/serendipity_admin_image_selector.php には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2012-2331 55569 CVE-2012-2331 44144 4.3 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003584.html 2012-08-13 2012-08-15 View