Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s9y vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-2289
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity prior to 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.
S9y Serendipity
6.1
CVSSv3
CVE-2011-1133
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package prior to 1.5.5, allows remote malicious users to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
S9y Serendipity
9.8
CVSSv3
CVE-2016-10082
include/functions_installer.inc.php in Serendipity up to and including 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the b...
S9y Serendipity
5.4
CVSSv3
CVE-2015-8603
Cross-site scripting (XSS) vulnerability in Serendipity prior to 2.0.3 allows remote malicious users to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php.
S9y Serendipity
NA
CVE-2015-6943
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity prior to 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the ser...
S9y Serendipity
NA
CVE-2015-6969
Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity prior to 2.0.2 allows remote malicious users to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.
S9y Serendipity
9.8
CVSSv3
CVE-2011-1134
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package prior to 1.5.5, allows remote malicious users to execute arbitrary code in the image manager.
S9y Serendipity
6.1
CVSSv3
CVE-2019-11870
Serendipity prior to 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
S9y Serendipity
9.8
CVSSv3
CVE-2020-10964
Serendipity prior to 2.3.4 on Windows allows remote malicious users to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
S9y Serendipity
6.1
CVSSv3
CVE-2011-4090
Serendipity prior to 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
S9y Serendipity
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »