Serendipity Security Vulnerabilities and Issues — Serendipity CVE List

Lucene search

S9ySerendipity

7 matches found

CVE•added 2019/11/26 5:15 a.m.•89 views

CVE-2011-4090

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.

6.1CVSS6AI score0.02257EPSS

CVE•added 2019/05/24 6:29 p.m.•60 views

CVE-2016-10752

serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.

9.8CVSS9.7AI score0.00748EPSS

CVE•added 2019/05/09 11:29 p.m.•45 views

CVE-2019-11870

Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.

6.1CVSS5.8AI score0.00518EPSS

CVE•added 2019/01/16 4:29 a.m.•37 views

CVE-2016-10737

Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.

5.4CVSS5.2AI score0.00281EPSS

CVE•added 2019/11/05 9:15 p.m.•35 views

CVE-2011-1133

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.

6.1CVSS6.1AI score0.00863EPSS

CVE•added 2019/11/05 9:15 p.m.•34 views

CVE-2011-1135

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.

6.1CVSS6.1AI score0.00863EPSS

CVE•added 2019/11/05 9:15 p.m.•33 views

CVE-2011-1134

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.

9.8CVSS8.5AI score0.05004EPSS