Filtered by vendor S9y
Subscriptions
Filtered by product Serendipity
Subscriptions
Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1713 | 1 S9y | 1 Serendipity | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins. | ||||
| CVE-2005-3129 | 1 S9y | 1 Serendipity | 2025-04-03 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php. | ||||
| CVE-2004-1620 | 1 S9y | 1 Serendipity | 2025-04-03 | N/A |
| CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php. | ||||
| CVE-2006-2495 | 1 S9y | 1 Serendipity | 2025-04-03 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | ||||
| CVE-2023-31576 | 1 S9y | 1 Serendipity | 2025-01-23 | 8.8 High |
| An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. | ||||
| CVE-2020-10964 | 2 Microsoft, S9y | 2 Windows, Serendipity | 2024-11-21 | 9.8 Critical |
| Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. | ||||
| CVE-2019-11870 | 1 S9y | 1 Serendipity | 2024-11-21 | N/A |
| Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. | ||||
| CVE-2016-10752 | 1 S9y | 1 Serendipity | 2024-11-21 | N/A |
| serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. | ||||
| CVE-2016-10737 | 1 S9y | 1 Serendipity | 2024-11-21 | N/A |
| Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter. | ||||
| CVE-2011-4090 | 1 S9y | 1 Serendipity | 2024-11-21 | 6.1 Medium |
| Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation. | ||||
| CVE-2011-1135 | 1 S9y | 1 Serendipity | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. | ||||
| CVE-2011-1134 | 1 S9y | 1 Serendipity | 2024-11-21 | 9.8 Critical |
| Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. | ||||
| CVE-2011-1133 | 1 S9y | 1 Serendipity | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php. | ||||