2017-04-24 18:00:00
mitre
PUBLISHED
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admins cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.