S9y ≫ Serendipity

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.

serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.

Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.

Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.

Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure

Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.

There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.

SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.

Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.

comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.