Serendipity
by Serendipity
Source repositories
CVEs (53)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4282 | 0.00 | — | 0.02 | Aug 9, 2007 | The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain… | |||
| CVE-2007-1326 | 0.00 | — | 0.01 | Mar 7, 2007 | SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter. | |||
| CVE-2006-5499 | 0.00 | — | 0.02 | Oct 25, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. | |||
| CVE-2006-2495 | 0.00 | — | 0.02 | May 20, 2006 | Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | |||
| CVE-2006-1910 | 0.00 | — | 0.01 | Apr 20, 2006 | config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2005-1712 | 0.00 | — | 0.01 | May 24, 2005 | Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files. | |||
| CVE-2005-1713 | 0.00 | — | 0.01 | May 24, 2005 | Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins. | |||
| CVE-2005-1449 | 0.00 | — | 0.01 | May 3, 2005 | Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. | |||
| CVE-2005-1451 | 0.00 | — | 0.02 | May 3, 2005 | The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files. | |||
| CVE-2005-1448 | 0.00 | — | 0.01 | May 3, 2005 | Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2005-1450 | 0.00 | — | 0.01 | May 3, 2005 | Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact. | |||
| CVE-2004-2157 | 0.00 | — | 0.02 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field. | |||
| CVE-2004-2525 | 0.00 | — | 0.01 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable. |
- CVE-2007-4282Aug 9, 2007risk 0.00cvss —epss 0.02
The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain…
- CVE-2007-1326Mar 7, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.
- CVE-2006-5499Oct 25, 2006risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
- CVE-2006-2495May 20, 2006risk 0.00cvss —epss 0.02
Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.
- CVE-2006-1910Apr 20, 2006risk 0.00cvss —epss 0.01
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2005-1712May 24, 2005risk 0.00cvss —epss 0.01
Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files.
- CVE-2005-1713May 24, 2005risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
- CVE-2005-1449May 3, 2005risk 0.00cvss —epss 0.01
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.
- CVE-2005-1451May 3, 2005risk 0.00cvss —epss 0.02
The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.
- CVE-2005-1448May 3, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
- CVE-2005-1450May 3, 2005risk 0.00cvss —epss 0.01
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.
- CVE-2004-2157Dec 31, 2004risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
- CVE-2004-2525Dec 31, 2004risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.
Page 3 of 3