Vulnerabilities > S9Y

DATE CVE VULNERABILITY TITLE RISK
2023-05-16 CVE-2023-31576 Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity 2.4.0
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file.
network
low complexity
s9y CWE-434
8.8
2020-03-25 CVE-2020-10964 Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot.
network
low complexity
s9y CWE-434
7.5
2020-01-22 CVE-2011-3610 Cross-site Scripting vulnerability in S9Y Serendipity Event Freetag
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
network
s9y CWE-79
4.3
2019-11-26 CVE-2011-4090 Cross-site Scripting vulnerability in S9Y Serendipity
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
network
s9y CWE-79
4.3
2019-11-05 CVE-2011-1135 Cross-site Scripting vulnerability in S9Y Serendipity
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
network
s9y CWE-79
4.3
2019-11-05 CVE-2011-1134 Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
network
low complexity
s9y CWE-434
7.5
2019-11-05 CVE-2011-1133 Cross-site Scripting vulnerability in S9Y Serendipity
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
network
s9y CWE-79
4.3
2019-05-24 CVE-2016-10752 Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity 2.0.3
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
network
low complexity
s9y CWE-434
7.5
2019-05-09 CVE-2019-11870 Cross-site Scripting vulnerability in S9Y Serendipity
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
network
s9y CWE-79
4.3
2019-01-16 CVE-2016-10737 Cross-site Scripting vulnerability in S9Y Serendipity 2.0.4
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
network
s9y CWE-79
3.5