Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s9y serendipity vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2015-8603
Cross-site scripting (XSS) vulnerability in Serendipity prior to 2.0.3 allows remote malicious users to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php.
S9y Serendipity
NA
CVE-2015-6969
Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity prior to 2.0.2 allows remote malicious users to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.
S9y Serendipity
NA
CVE-2015-6968
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity prior to 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.
S9y Serendipity
NA
CVE-2015-6943
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity prior to 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the ser...
S9y Serendipity
NA
CVE-2015-2289
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity prior to 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.
S9y Serendipity
NA
CVE-2014-9432
Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity prior to 2.0-rc2 allow remote malicious users to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php.
S9y Serendipity
NA
CVE-2013-5670
Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity prior to 1.7.3 and possibly other products, allows remote malicious users to inject arbitrary web script or HTML via the to_r_list parameter.
S9y Serendipity 1.0.3
S9y Serendipity 1.3
S9y Serendipity 1.1.4
S9y Serendipity 0.4
S9y Serendipity 0.8.5
S9y Serendipity 0.7
S9y Serendipity 1.1.2
S9y Serendipity 1.0.4
S9y Serendipity 0.8.3
S9y Serendipity 1.5.3
S9y Serendipity 0.8.4
S9y Serendipity 0.8.2
S9y Serendipity 1.0.2
S9y Serendipity 1.1.1
S9y Serendipity 1.1
S9y Serendipity 0.7.1
S9y Serendipity 1.6.1
S9y Serendipity 1.0.1
S9y Serendipity 1.0
S9y Serendipity 1.5.5
S9y Serendipity 1.6
S9y Serendipity 1.3.1
NA
CVE-2013-5314
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.
S9y Serendipity
S9y Serendipity 1.0.3
S9y Serendipity 1.3
S9y Serendipity 1.1.4
S9y Serendipity 0.4
S9y Serendipity 0.8.5
S9y Serendipity 0.7
S9y Serendipity 1.1.2
S9y Serendipity 1.0.4
S9y Serendipity 0.8.3
S9y Serendipity 1.5.3
S9y Serendipity 0.8.4
S9y Serendipity 0.8.2
S9y Serendipity 1.0.2
S9y Serendipity 1.1.1
S9y Serendipity 1.1
S9y Serendipity 0.7.1
S9y Serendipity 1.6.1
S9y Serendipity 1.0.1
S9y Serendipity 1.0
S9y Serendipity 1.5.5
S9y Serendipity 1.6
1 EDB exploit
NA
CVE-2012-2332
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity prior to 1.6.1 allows remote malicious users to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF)...
S9y Serendipity 1.0.3
S9y Serendipity 1.3
S9y Serendipity 1.1.4
S9y Serendipity 0.4
S9y Serendipity 0.8.5
S9y Serendipity 0.7
S9y Serendipity 1.1.2
S9y Serendipity 1.0.4
S9y Serendipity 0.8.3
S9y Serendipity 1.5.3
S9y Serendipity 0.8.4
S9y Serendipity 0.8.2
S9y Serendipity 1.0.2
S9y Serendipity 1.1.1
S9y Serendipity 1.1
S9y Serendipity 0.7.1
S9y Serendipity 1.6.1
S9y Serendipity 1.0.1
S9y Serendipity 1.0
S9y Serendipity 1.5.5
S9y Serendipity 1.3.1
S9y Serendipity 0.8.1
1 EDB exploit
NA
CVE-2012-2331
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity prior to 1.6.1 allows remote malicious users to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-...
S9y Serendipity 1.0.3
S9y Serendipity 1.3
S9y Serendipity 1.1.4
S9y Serendipity 0.4
S9y Serendipity 0.8.5
S9y Serendipity 0.7
S9y Serendipity 1.1.2
S9y Serendipity 1.0.4
S9y Serendipity 0.8.3
S9y Serendipity 1.5.3
S9y Serendipity 0.8.4
S9y Serendipity 0.8.2
S9y Serendipity 1.0.2
S9y Serendipity 1.1.1
S9y Serendipity 1.1
S9y Serendipity 0.7.1
S9y Serendipity 1.6.1
S9y Serendipity 1.0.1
S9y Serendipity 1.0
S9y Serendipity 1.5.5
S9y Serendipity 1.3.1
S9y Serendipity 0.8.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »