
S9Y Serendipity vulnerabilities

58 known vulnerabilities affecting s9y/serendipity.

Total CVEs: 58
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 19, MEDIUM 31, LOW 2

Vulnerabilities

Page 3 of 3
CVE-2015-8603 | P4 | MEDIUM | CVSS 5.4 | ≤ 2.0.2 | 2016-01-12
CWE-79: Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php.
nvd
CVE-2016-10737 | P4 | MEDIUM | CVSS 5.4 | v2.0.4 | 2019-01-16
CWE-79: Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
nvd
CVE-2005-1450 | P4 | HIGH | CVSS 7.5 | v0.3, v0.4, +4 more | 2005-05-03
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.
nvd
CVE-2005-3129 | P4 | MEDIUM | CVSS 5.1 | ≤ 0.8.4 | 2005-10-04
Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php.
nvd
CVE-2015-6969 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.0.1 | 2015-09-16
CWE-79: Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.
nvd
CVE-2005-1448 | P4 | MEDIUM | CVSS 6.8 | v0.7, v0.7.1, +7 more | 2005-05-03
Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
nvd
CVE-2017-5474 | P4 | MEDIUM | CVSS 6.1 | ≤ 2.0.5 | 2017-01-14
CWE-601: Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
nvd
CVE-2013-5670 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.7.2, v0.3, +36 more | 2013-11-05
CWE-79: Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.
nvd
CVE-2014-9432 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.0 | 2014-12-31
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php.
nvd
CVE-2007-6205 | P4 | MEDIUM | CVSS 4.3 | v0.3, v0.4, +35 more | 2007-12-11
CWE-79: Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.
nvd
CVE-2004-2157 | P4 | MEDIUM | CVSS 4.3 | v0.7_beta1 | 2004-12-31
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
nvd
CVE-2004-2525 | P4 | MEDIUM | CVSS 4.3 | v0.3, v0.4, +14 more | 2004-12-31
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.
nvd
CVE-2008-0124 | P4 | MEDIUM | CVSS 4.3 | v0.3, v0.4, +32 more | 2008-02-28
CWE-79: Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
nvd
CVE-2008-1386 | P4 | MEDIUM | CVSS 4.3 | v1.3 | 2008-04-23
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue might be limited.
nvd
CVE-2005-1713 | P4 | MEDIUM | CVSS 4.3 | v0.8 | 2005-05-24
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
nvd
CVE-2015-2289 | P4 | LOW | CVSS 3.5 | ≤ 2.0 | 2015-03-23
CWE-79: Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.
nvd
CVE-2011-3800 | P4 | MEDIUM | CVSS 5.0 | v1.5.5 | 2011-09-24
CWE-200: Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files.
nvd
CVE-2010-2957 | P4 | LOW | CVSS 2.6 | ≤ 1.5.3, v0.3, +32 more | 2010-09-10
CWE-79: Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd