Serendipity version 2.0.2 suffers from a stored cross-site scripting vulnerability.
#Date: 28/10/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Stored XSS
#Tested on: Windows 8.1
#Product: Serendipity
#Version: 2.0.2
#Description: The application is vulnerable to a stored XSS attack. There is
an XSS issue in version 2.0.2, and the vulnerable parameters are "Blog name"
and "Description".
Notified Vendor: September 20, 2015
Response: October 28, 2015
Closure of the security bug: Version 2.0.x
Reference: https://github.com/s9y/Serendipity/issues/365 (Vendor
Confirmation)
Thanks,
Joel V
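
The following regression check is an added example, not part of the original advisory and not Serendipity code. It shows how a maintainer could confirm that stored "Blog name" and "Description" values are encoded on output. The template, function names and probe strings are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical page skeleton (an assumption; Serendipity's real templates are
# not shown in the advisory). It places the two stored settings in HTML text
# and in a quoted attribute, the two contexts that need output encoding.
TEMPLATE = ('<head><meta name="description" content="{desc}"></head>'
            '<body><h1>{name}</h1><p>{desc}</p></body>')

def render_raw(name, desc):
    """Vulnerable pattern: stored settings are copied into the page unchanged."""
    return TEMPLATE.format(name=name, desc=desc)

def render_escaped(name, desc):
    """Hardened pattern: encode <, >, & and quotes at output time."""
    return TEMPLATE.format(name=escape(name, quote=True),
                           desc=escape(desc, quote=True))

class _Shape(HTMLParser):
    """Records every start tag together with its attribute names."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.shape = []

    def handle_starttag(self, tag, attrs):
        self.shape.append((tag, tuple(key for key, _ in attrs)))

def page_shape(html):
    parser = _Shape()
    parser.feed(html)
    parser.close()
    return parser.shape

def settings_change_markup(render, name, desc):
    """True if the stored values added or altered elements or attributes."""
    baseline = page_shape(render("x", "x"))
    return page_shape(render(name, desc)) != baseline

if __name__ == "__main__":
    # Constructed, inert probes: one for text context, one for attribute context.
    probes = [("<b>probe</b>", "plain text"), ("My blog", '"><i>probe</i>')]
    for name, desc in probes:
        print("raw changes markup:    ", settings_change_markup(render_raw, name, desc))
        print("escaped changes markup:", settings_change_markup(render_escaped, name, desc))
```

The check compares the parsed element structure against a baseline, so it catches both a new element in text context and an attribute value that breaks out of its quotes.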