Serendipity@1.5.4 Security Vulnerabilities and Issues — Serendipity@1.5.4 CVE List

Lucene search

S9ySerendipity1.5.4

5 matches found

CVE•added 2012/06/07 7:55 p.m.•52 views

CVE-2012-2762

SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.

7.5CVSS8.4AI score0.00717EPSS

CVE•added 2013/11/05 6:55 p.m.•47 views

CVE-2013-5670

Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.

4.3CVSS5.9AI score0.00329EPSS

CVE•added 2013/08/19 9:10 p.m.•37 views

CVE-2013-5314

Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.

4.3CVSS5.9AI score0.00421EPSS

CVE•added 2012/08/13 11:55 p.m.•36 views

CVE-2012-2332

SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).

7.5CVSS8.5AI score0.01325EPSS

CVE•added 2012/08/13 11:55 p.m.•35 views

CVE-2012-2331

Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF)...

4.3CVSS5.8AI score0.14788EPSS