S9y Serendipity 1.0 beta2

5 matches found

CVE
added 2008/02/28 8:44 p.m. | 60 views

CVE-2008-0124

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .ht...

CVSS 4.3 | AI score 5.1 | EPSS 0.0065

CVE
added 2006/12/03 7:28 p.m. | 43 views

CVE-2006-6242

Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipit...

CVSS 6.8 | AI score 6.8 | EPSS 0.04411

CVE
added 2007/12/11 8:46 p.m. | 38 views

CVE-2007-6205

Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.

CVSS 4.3 | AI score 5.4 | EPSS 0.00585

CVE
added 2006/04/20 6:6 p.m. | 35 views

CVE-2006-1910

config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS 7.5 | AI score 6.6 | EPSS 0.00763

CVE
added 2006/05/20 3:2 a.m. | 32 views

CVE-2006-2495

Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.

CVSS 7.5 | AI score 6.8 | EPSS 0.00717