Vulnerabilities > S9Y

DATE CVE VULNERABILITY TITLE RISK
2020-03-25 CVE-2020-10964 Unrestricted Upload of File With Dangerous Type vulnerability in S9Y Serendipity
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot.
network
low complexity
s9y CWE-434
7.5
2020-01-22 CVE-2011-3610 Cross-Site Scripting vulnerability in S9Y Serendipity Event Freetag
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
network
s9y CWE-79
4.3
2019-11-26 CVE-2011-4090 Cross-Site Scripting vulnerability in S9Y Serendipity
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
network
s9y CWE-79
4.3
2019-11-05 CVE-2011-1135 Cross-Site Scripting vulnerability in S9Y Serendipity
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
network
s9y CWE-79
4.3
2019-11-05 CVE-2011-1134 Unrestricted Upload of File With Dangerous Type vulnerability in S9Y Serendipity
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
network
low complexity
s9y CWE-434
7.5
2019-11-05 CVE-2011-1133 Cross-Site Scripting vulnerability in S9Y Serendipity
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
network
s9y CWE-79
4.3
2019-05-24 CVE-2016-10752 Unrestricted Upload of File With Dangerous Type vulnerability in S9Y Serendipity 2.0.3
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
network
low complexity
s9y CWE-434
7.5
2019-05-09 CVE-2019-11870 Cross-Site Scripting vulnerability in S9Y Serendipity
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
network
s9y CWE-79
4.3
2019-01-16 CVE-2016-10737 Cross-Site Scripting vulnerability in S9Y Serendipity 2.0.4
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
network
s9y CWE-79
3.5
2017-11-17 CVE-2017-1000129 SQL Injection vulnerability in S9Y Serendipity 2.0.3
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
network
low complexity
s9y CWE-89
5.0