oss-sec mailing list archives

XSS via EXIF tag in Serendipity blog


From: Hanno Böck <hanno () hboeck de>
Date: Fri, 3 May 2019 17:42:18 +0200

Hi,

I reported some XSS issues via EXIF tags in the Serendipity blog
software:
https://github.com/s9y/Serendipity/issues/598

These have now been fixed:
https://blog.s9y.org/archives/282-Serendipity-2.1.5-released.html

This is backend XSS and only relevant if you have multiple authors or
upload potentially untrusted image files.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

