Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s9y vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2004-2157
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions prior to 0.7-beta3, allows remote malicious users to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
S9y Serendipity 0.7 Beta1
NA
CVE-2004-2158
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote malicious users to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
S9y Serendipity 0.7 Beta1
1 EDB exploit
5.4
CVSSv3
CVE-2016-10737
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
S9y Serendipity 2.0.4
NA
CVE-2005-1713
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
S9y Serendipity 0.8
NA
CVE-2009-3337
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin prior to 3.09 for Serendipity (S9Y) allows remote malicious users to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.
S9y Serendipity Event Freetag
6.1
CVSSv3
CVE-2011-3610
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin prior to 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
S9y Serendipity Event Freetag
NA
CVE-2006-5499
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
Serendipity Serendipity
NA
CVE-2008-1476
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) prior to 1.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.
Serendipity Serendipity 0.7
Serendipity Serendipity 0.7.1
Serendipity Serendipity 0.9
Serendipity Serendipity 0.9.1
Serendipity Serendipity 1.0
Serendipity Serendipity 1.1.2
Serendipity Serendipity 1.1.3
Serendipity Serendipity 0.8
Serendipity Serendipity 0.8.1
Serendipity Serendipity 1.0.1
Serendipity Serendipity 1.0.2
Serendipity Serendipity 1.1.4
Serendipity Serendipity 1.2
Serendipity Serendipity 0.5 Pl1
Serendipity Serendipity 0.6 Pl3
Serendipity Serendipity 0.3
Serendipity Serendipity 0.4
Serendipity Serendipity 0.8.2
Serendipity Serendipity 0.8.3
Serendipity Serendipity 1.0.3
Serendipity Serendipity 1.0.4
Serendipity Serendipity
NA
CVE-2008-1066
The modifier.regex_replace.php plugin in Smarty prior to 2.6.19, as used by Serendipity (S9Y) and other products, allows malicious users to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
Smarty Smarty
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6