Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s9y vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2015-8603
Cross-site scripting (XSS) vulnerability in Serendipity prior to 2.0.3 allows remote malicious users to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php.
S9y Serendipity
8.6
CVSSv3
CVE-2016-9752
In Serendipity prior to 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
S9y Serendipity
6.1
CVSSv3
CVE-2019-11870
Serendipity prior to 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
S9y Serendipity
9.8
CVSSv3
CVE-2020-10964
Serendipity prior to 2.3.4 on Windows allows remote malicious users to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
S9y Serendipity
6.1
CVSSv3
CVE-2011-1133
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package prior to 1.5.5, allows remote malicious users to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
S9y Serendipity
5.4
CVSSv3
CVE-2016-9681
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity prior to 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
S9y Serendipity
8.8
CVSSv3
CVE-2017-5475
comment.php in Serendipity up to and including 2.0.5 allows CSRF in deleting any comments.
S9y Serendipity
6.1
CVSSv3
CVE-2011-4090
Serendipity prior to 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
S9y Serendipity
1 EDB exploit
NA
CVE-2015-6943
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity prior to 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the ser...
S9y Serendipity
NA
CVE-2015-6969
Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity prior to 2.0.2 allows remote malicious users to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.
S9y Serendipity
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »