CVE-2017-8101

There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.

CVE-2017-5475

comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.

CVE-2017-5476

Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.

CVE-2017-5474

Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.

CVE-2017-8102

Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.

CVE-2017-1000129

Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure

CVE-2017-5609

SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.