Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2331 | 1 S9y | 1 Serendipity | 2012-08-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). | |||||
| CVE-2012-2332 | 1 S9y | 1 Serendipity | 2012-08-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). | |||||
| CVE-2011-3800 | 1 S9y | 1 Serendipity | 2012-05-21 | 5.0 MEDIUM | N/A |
| Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files. | |||||
| CVE-2006-2495 | 1 S9y | 1 Serendipity | 2011-03-08 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | |||||
| CVE-2010-2957 | 1 S9y | 1 Serendipity | 2010-09-10 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1916 | 2 S9y, Xinha | 2 Serendipity, Wysiwyg Editor | 2010-06-13 | 7.5 HIGH | N/A |
| The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin. | |||||
| CVE-2006-1910 | 1 S9y | 1 Serendipity | 2008-09-05 | 7.5 HIGH | N/A |
| config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-1713 | 1 S9y | 1 Serendipity | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins. | |||||
| CVE-2005-1452 | 1 S9y | 1 Serendipity | 2008-09-05 | 10.0 HIGH | N/A |
| Serendipity before 0.8 allows Chief users to "hide plugins installed by other users." | |||||
| CVE-2005-1451 | 1 S9y | 1 Serendipity | 2008-09-05 | 7.5 HIGH | N/A |
| The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files. | |||||
| CVE-2005-1450 | 1 S9y | 1 Serendipity | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact. | |||||
| CVE-2005-1449 | 1 S9y | 1 Serendipity | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. | |||||
| CVE-2005-1448 | 1 S9y | 1 Serendipity | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||