Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
serendipity serendipity vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2015-6968
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity prior to 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.
S9y Serendipity
516
VMScore
CVE-2017-5474
Open redirect vulnerability in comment.php in Serendipity up to and including 2.0.5 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
S9y Serendipity
605
VMScore
CVE-2017-5475
comment.php in Serendipity up to and including 2.0.5 allows CSRF in deleting any comments.
S9y Serendipity
605
VMScore
CVE-2017-5476
Serendipity up to and including 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
S9y Serendipity
312
VMScore
CVE-2015-2289
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity prior to 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.
S9y Serendipity
383
VMScore
CVE-2004-2157
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions prior to 0.7-beta3, allows remote malicious users to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
S9y Serendipity 0.7 Beta1
755
VMScore
CVE-2004-2158
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote malicious users to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
S9y Serendipity 0.7 Beta1
1 EDB exploit
383
VMScore
CVE-2008-1386
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote malicious users to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue...
S9y Serendipity 1.3
668
VMScore
CVE-2005-1712
Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files.
Sy9 Serendipity 0.8
383
VMScore
CVE-2005-1713
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
S9y Serendipity 0.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »