Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s9y vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-1452
Serendipity prior to 0.8 allows Chief users to "hide plugins installed by other users."
S9y Serendipity 0.7
S9y Serendipity 0.7.1
S9y Serendipity 0.4
S9y Serendipity 0.6 Pl3
S9y Serendipity 0.3
S9y Serendipity 0.5 Pl1
NA
CVE-2014-9432
Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity prior to 2.0-rc2 allow remote malicious users to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php.
S9y Serendipity
NA
CVE-2015-6968
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity prior to 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.
S9y Serendipity
8.6
CVSSv3
CVE-2016-9752
In Serendipity prior to 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
S9y Serendipity
6.1
CVSSv3
CVE-2011-4090
Serendipity prior to 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
S9y Serendipity
1 EDB exploit
6.1
CVSSv3
CVE-2017-5474
Open redirect vulnerability in comment.php in Serendipity up to and including 2.0.5 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
S9y Serendipity
8.8
CVSSv3
CVE-2017-5475
comment.php in Serendipity up to and including 2.0.5 allows CSRF in deleting any comments.
S9y Serendipity
6.1
CVSSv3
CVE-2019-11870
Serendipity prior to 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
S9y Serendipity
NA
CVE-2008-0751
Cross-site scripting (XSS) vulnerability in the Freetag prior to 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/.
S9y Serendipity Event Freetag
1 EDB exploit
5.4
CVSSv3
CVE-2015-8603
Cross-site scripting (XSS) vulnerability in Serendipity prior to 2.0.3 allows remote malicious users to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php.
S9y Serendipity
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »