S9y ≫ Serendipity

Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.

Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.

Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure

Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.

There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.

SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.

Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.

comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.

Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an inclu...