S9y

Serendipity

58 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2013-5670

  • EPSS 0.33%
  • Veröffentlicht 05.11.2013 18:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_li...

4.3

CVE-2013-5314

Exploit
  • EPSS 0.82%
  • Veröffentlicht 19.08.2013 21:10:49
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.

7.5

CVE-2012-2332

Exploit
  • EPSS 1.33%
  • Veröffentlicht 13.08.2012 23:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site...

4.3

CVE-2012-2331

Exploit
  • EPSS 14.79%
  • Veröffentlicht 13.08.2012 23:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might b...

7.5

CVE-2012-2762

  • EPSS 0.72%
  • Veröffentlicht 07.06.2012 19:55:09
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.

5

CVE-2011-3800

  • EPSS 0.28%
  • Veröffentlicht 24.09.2011 00:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files.

2.6

CVE-2010-2957

Exploit
  • EPSS 0.29%
  • Veröffentlicht 10.09.2010 18:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2010-1916

Exploit
  • EPSS 0.71%
  • Veröffentlicht 12.05.2010 11:46:40
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) craf...

6

CVE-2009-4412

  • EPSS 2.11%
  • Veröffentlicht 24.12.2009 16:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the ...

4.3

CVE-2008-1386

Exploit
  • EPSS 0.5%
  • Veröffentlicht 23.04.2008 13:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for e...