Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
serendipity vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-8101
There is CSRF in Serendipity 2.0.5, allowing malicious users to install any themes via a GET request.
S9y Serendipity 2.0.5
5.4
CVSSv3
CVE-2017-8102
Stored XSS in Serendipity v2.1-rc1 allows an malicious user to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
S9y Serendipity 2.1
8.8
CVSSv3
CVE-2023-31576
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows malicious users to execute arbitrary code via a crafted HTML or Javascript file.
S9y Serendipity 2.4.0
NA
CVE-2008-1386
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote malicious users to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue...
S9y Serendipity 1.3
8.8
CVSSv3
CVE-2017-5609
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
S9y Serendipity 2.0.5
NA
CVE-2004-2157
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions prior to 0.7-beta3, allows remote malicious users to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
S9y Serendipity 0.7 Beta1
NA
CVE-2004-2158
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote malicious users to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
S9y Serendipity 0.7 Beta1
1 EDB exploit
NA
CVE-2005-1713
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
S9y Serendipity 0.8
5.4
CVSSv3
CVE-2016-10737
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
S9y Serendipity 2.0.4
6.1
CVSSv3
CVE-2011-3610
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin prior to 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
S9y Serendipity Event Freetag
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »