Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post.
References
| Link | Resource |
|---|---|
| https://docs.s9y.org/ | Product |
| https://www.exploit-db.com/exploits/51373 | Exploit Third Party Advisory VDB Entry |
| https://www.vulncheck.com/advisories/serendipity-stored-cross-site-scripting-via-admin-entry-creation | Exploit Third Party Advisory |
| https://www.exploit-db.com/exploits/51373 | Exploit Third Party Advisory VDB Entry |
Configurations
History
27 Dec 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.vulncheck.com/advisories/serendipity-stored-cross-site-scripting-via-admin-entry-creation - Exploit, Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
24 Dec 2025, 16:52
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://docs.s9y.org/ - Product | |
| References | () https://www.exploit-db.com/exploits/51373 - Exploit, Third Party Advisory, VDB Entry | |
| References | () https://www.vulncheck.com/advisories/serendipity-stored-cross-site-scripting-via-admin-entry-creation - Third Party Advisory, Exploit | |
| First Time |
S9y serendipity
S9y |
|
| CPE | cpe:2.3:a:s9y:serendipity:2.4.0:-:*:*:*:*:*:* |
18 Dec 2025, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.exploit-db.com/exploits/51373 - |
17 Dec 2025, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-17 23:15
Updated : 2025-12-27 17:15
NVD link : CVE-2023-53932
Mitre link : CVE-2023-53932
CVE.ORG link : CVE-2023-53932
JSON object : View
Products Affected
s9y
- serendipity
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')