CVE-2012-2331

Name: CVE-2012-2331
Description: Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 671937

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| serendipity | source | (unstable) | (unfixed) | low | | 671937 |

Notes

[squeeze] - serendipity <no-dsa> (Minor issue)
http://web.archive.org/web/20120527103654/http://www.koramis.com:80/advisories/2012/KORAMIS-ADV2012-001.txt
http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
CVE id requested http://seclists.org/oss-sec/2012/q2/276
