Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
serendipity serendipity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-1713
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
S9y Serendipity 0.8
5.4
CVSSv3
CVE-2016-10737
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
S9y Serendipity 2.0.4
8.8
CVSSv3
CVE-2017-8101
There is CSRF in Serendipity 2.0.5, allowing malicious users to install any themes via a GET request.
S9y Serendipity 2.0.5
5.4
CVSSv3
CVE-2017-8102
Stored XSS in Serendipity v2.1-rc1 allows an malicious user to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
S9y Serendipity 2.1
8.8
CVSSv3
CVE-2023-31576
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows malicious users to execute arbitrary code via a crafted HTML or Javascript file.
S9y Serendipity 2.4.0
NA
CVE-2011-3800
Serendipity 1.5.5 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files.
S9y Serendipity 1.5.5
NA
CVE-2005-1712
Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files.
Sy9 Serendipity 0.8
NA
CVE-2006-1910
config.php in S9Y Serendipity 1.0 beta 2 allows remote malicious users to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...
S9y Serendipity 1.0 Beta2
8.8
CVSSv3
CVE-2017-5609
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
S9y Serendipity 2.0.5
NA
CVE-2009-3337
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin prior to 3.09 for Serendipity (S9Y) allows remote malicious users to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.
S9y Serendipity Event Freetag
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »