Hi team, I would like to request one CVE id for this, thank you!
Details
======
Software: s9y Serendipity
Version: 2.1-rc1
Homepage: https://docs.s9y.org/
=======

Description
================
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal the admin's cookie and other information.
===========

POC
==========
1. Log in as a common editor user.
2. Open a new entry, then write:
   <img src=1 onerror=alert(document.cookie)>
   Post it!
3. Then, when the admin views it, the XSS attack will occur!
=========

Fixed
========
https://github.com/s9y/Serendipity/issues/456
========

Best regards,
Zhiyang Zeng of Tencent security platform department

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
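
Added example, not part of the original post and not Serendipity's own code: a defender-side audit that parses stored entry bodies and reports script-capable markup, such as the onerror attribute used in the PoC above. The entry ids, the sample bodies and the names EntryAuditor and audit_entries are constructed for illustration; how entry bodies are exported from the blog database is left as an assumption.

```python
from html.parser import HTMLParser

# Constructed sample rows (entry id -> stored body); not real Serendipity data.
SAMPLE_ENTRIES = {
    1: '<p>Release notes, see <a href="https://docs.s9y.org/">docs</a></p>',
    2: '<p>hello</p>\n<img src=1 onerror=alert(document.cookie)>',
}

URL_ATTRS = {"href", "src", "action", "formaction", "data"}
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class EntryAuditor(HTMLParser):
    """Collects (line, tag, reason) for markup that can run script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, tag, "active element"))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((line, tag, "event handler " + name))
            elif name in URL_ATTRS:
                # Browsers ignore whitespace/control characters in the scheme.
                url = "".join(c for c in (value or "") if c > " ").lower()
                if url.startswith(BAD_SCHEMES):
                    self.findings.append((line, tag, "script URL in " + name))


def audit_entries(entries):
    """Return {entry_id: findings} for entries with at least one finding."""
    report = {}
    for entry_id, body in entries.items():
        auditor = EntryAuditor()
        auditor.feed(body)
        auditor.close()
        if auditor.findings:
            report[entry_id] = auditor.findings
    return report


if __name__ == "__main__":
    for entry_id, findings in audit_entries(SAMPLE_ENTRIES).items():
        for line, tag, reason in findings:
            print(f"entry {entry_id} line {line}: <{tag}> {reason}")
```

A hit only marks an entry for review after the fact; it does not replace output filtering in the application or the HttpOnly flag on the session cookie.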