Product:

Serendipity

(S9y)
Repositories https://github.com/s9y/Serendipity
#Vulnerabilities 53
Date Id Summary Products Score Patch Annotated
2023-05-16 CVE-2023-31576 An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. Serendipity 8.8
2020-03-25 CVE-2020-10964 Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. Serendipity N/A
2019-11-26 CVE-2011-4090 Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation. Serendipity N/A
2019-11-05 CVE-2011-1135 Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. Serendipity N/A
2019-11-05 CVE-2011-1134 Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. Serendipity N/A
2019-11-05 CVE-2011-1133 Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php. Serendipity N/A
2019-05-24 CVE-2016-10752 serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. Serendipity 9.8
2019-05-09 CVE-2019-11870 Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. Serendipity 6.1
2017-04-24 CVE-2017-8102 Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin. Serendipity 5.4
2017-04-24 CVE-2017-8101 There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. Serendipity 8.8