oss-sec mailing list archives
XSS via EXIF tag in Serendipity blog
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 3 May 2019 17:42:18 +0200
Hi,

I reported some XSS issues via EXIF tags in the Serendipity blog software:
https://github.com/s9y/Serendipity/issues/598

These have now been fixed:
https://blog.s9y.org/archives/282-Serendipity-2.1.5-released.html

This is backend XSS and only relevant if you have multiple authors or upload potentially untrusted image files.

--
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42