Serendipity
by S9y
Source repositories
CVEs (45)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-1452 | 0.00 | — | 0.01 | May 3, 2005 | Serendipity before 0.8 allows Chief users to "hide plugins installed by other users." | |||
| CVE-2005-1448 | 0.00 | — | 0.01 | May 3, 2005 | Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2005-1449 | 0.00 | — | 0.01 | May 3, 2005 | Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. | |||
| CVE-2005-1451 | 0.00 | — | 0.02 | May 3, 2005 | The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files. | |||
| CVE-2004-2157 | 0.00 | — | 0.02 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field. |
- CVE-2005-1452May 3, 2005risk 0.00cvss —epss 0.01
Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."
- CVE-2005-1448May 3, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
- CVE-2005-1449May 3, 2005risk 0.00cvss —epss 0.01
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.
- CVE-2005-1451May 3, 2005risk 0.00cvss —epss 0.02
The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.
- CVE-2004-2157Dec 31, 2004risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
Page 3 of 3