Serendipity Security Vulnerabilities and Issues — Serendipity CVE List

Lucene search

S9ySerendipity

10 matches found

CVE•added 2019/11/26 5:15 a.m.•89 views

CVE-2011-4090

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.

6.1CVSS6AI score0.02257EPSS

CVE•added 2009/12/24 4:30 p.m.•48 views

CVE-2009-4412

Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of t...

6CVSS7.3AI score0.02105EPSS

CVE•added 2019/05/09 11:29 p.m.•45 views

CVE-2019-11870

Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.

6.1CVSS5.8AI score0.00518EPSS

CVE•added 2006/12/03 7:28 p.m.•43 views

CVE-2006-6242

Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipit...

6.8CVSS6.8AI score0.04411EPSS

CVE•added 2005/05/03 4:0 a.m.•41 views

CVE-2005-1448

Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

6.8CVSS5.8AI score0.01009EPSS

CVE•added 2017/01/14 7:59 a.m.•40 views

CVE-2017-5474

Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.

6.1CVSS6.7AI score0.00158EPSS

CVE•added 2015/09/16 2:59 p.m.•37 views

CVE-2015-6968

Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.

6.5CVSS7.5AI score0.00808EPSS

CVE•added 2015/09/15 6:59 p.m.•36 views

CVE-2015-6943

SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to seren...

6CVSS8.6AI score0.00252EPSS

CVE•added 2019/11/05 9:15 p.m.•35 views

CVE-2011-1133

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.

6.1CVSS6.1AI score0.00863EPSS

CVE•added 2019/11/05 9:15 p.m.•34 views

CVE-2011-1135

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.

6.1CVSS6.1AI score0.00863EPSS