Lucene search

K
S9ySerendipity

12 matches found

CVE
CVE
added 2008/02/28 8:44 p.m.60 views

CVE-2008-0124

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .ht...

4.3CVSS5.1AI score0.0065EPSS
CVE
CVE
added 2013/11/05 6:55 p.m.47 views

CVE-2013-5670

Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.

4.3CVSS5.9AI score0.00329EPSS
CVE
CVE
added 2008/04/23 1:5 p.m.45 views

CVE-2008-1386

Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue might be limited.

4.3CVSS5.6AI score0.00503EPSS
CVE
CVE
added 2005/07/10 4:0 a.m.42 views

CVE-2004-2157

Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.

4.3CVSS6.1AI score0.00721EPSS
CVE
CVE
added 2008/04/23 1:5 p.m.40 views

CVE-2008-1385

Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.

4.3CVSS5.5AI score0.07977EPSS
CVE
CVE
added 2005/05/24 4:0 a.m.39 views

CVE-2005-1713

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.

4.3CVSS5.8AI score0.00346EPSS
CVE
CVE
added 2005/10/25 4:0 a.m.38 views

CVE-2004-2525

Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.

4.3CVSS5.7AI score0.00572EPSS
CVE
CVE
added 2007/12/11 8:46 p.m.38 views

CVE-2007-6205

Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.

4.3CVSS5.4AI score0.00585EPSS
CVE
CVE
added 2013/08/19 9:10 p.m.37 views

CVE-2013-5314

Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.

4.3CVSS5.9AI score0.00421EPSS
CVE
CVE
added 2015/09/16 2:59 p.m.36 views

CVE-2015-6969

Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.

4.3CVSS5.8AI score0.00336EPSS
CVE
CVE
added 2012/08/13 11:55 p.m.35 views

CVE-2012-2331

Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF)...

4.3CVSS5.8AI score0.14788EPSS
CVE
CVE
added 2014/12/31 10:59 p.m.31 views

CVE-2014-9432

Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php.

4.3CVSS5.8AI score0.00421EPSS