CVE-2013-5670

S9Y Serendipity < 1.7.2 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.

References (5)

Scores

EPSS 0.0033
EPSS Percentile 55.6%

Details

CWE
CWE-79
Status published
Products (39)
s9y/serendipity
s9y/serendipity < 1.7.2
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
s9y/serendipity
... and 29 more
Published Nov 05, 2013
Tracked Since Feb 18, 2026