Unrated severityNVD Advisory· Published Aug 13, 2012· Updated Jun 16, 2026
CVE-2012-2331
CVE-2012-2331
Description
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.6.1
Patches
Vulnerability mechanics
References
9- www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txtnvdExploit
- www.rul3z.de/index.phpnvdExploit
- www.securityfocus.com/bid/53418nvdExploit
- github.com/s9y/Serendipity/commit/264bf55719baacc069ff9d3cc35f0c349cde11e3nvdExploitPatch
- secunia.com/advisories/49009nvdVendor Advisory
- archives.neohapsis.com/archives/bugtraq/2012-05/0037.htmlnvd
- blog.s9y.org/archives/240-Serendipity-1.6.1-released.htmlnvd
- www.openwall.com/lists/oss-security/2012/05/08/6nvd
- www.openwall.com/lists/oss-security/2012/05/09/2nvd
News mentions
0No linked articles in our index yet.