{"id":"CVE-2019-11870","details":"Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.","modified":"2026-04-10T04:11:57.595026Z","published":"2019-05-09T23:29:00.293Z","references":[{"type":"ADVISORY","url":"https://blog.s9y.org/archives/282-Serendipity-2.1.5-released.html"},{"type":"ADVISORY","url":"https://github.com/s9y/Serendipity/issues/598"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2019/05/03/3"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/05/10/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/s9y/serendipity","events":[{"introduced":"0"},{"fixed":"74cdc9a71fe5f04d7444172ba2058b5b0de7bd52"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.5"}]}}],"versions":["2.1-beta1","2.1-beta2","2.1-beta3","2.1-rc1","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11870.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}