Vulnerabilities > S9Y > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-22 CVE-2011-3610 Cross-site Scripting vulnerability in S9Y Serendipity Event Freetag
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
network
s9y CWE-79
4.3
2019-11-26 CVE-2011-4090 Cross-site Scripting vulnerability in S9Y Serendipity
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
network
s9y CWE-79
4.3
2019-11-05 CVE-2011-1135 Cross-site Scripting vulnerability in S9Y Serendipity
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
network
s9y CWE-79
4.3
2019-11-05 CVE-2011-1133 Cross-site Scripting vulnerability in S9Y Serendipity
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
network
s9y CWE-79
4.3
2019-05-09 CVE-2019-11870 Cross-site Scripting vulnerability in S9Y Serendipity
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
network
s9y CWE-79
4.3
2017-11-17 CVE-2017-1000129 SQL Injection vulnerability in S9Y Serendipity 2.0.3
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
network
low complexity
s9y CWE-89
5.0
2017-04-24 CVE-2017-8101 Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity 2.0.5
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
network
s9y CWE-352
6.8
2017-01-28 CVE-2017-5609 SQL Injection vulnerability in S9Y Serendipity 2.0.5
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
network
low complexity
s9y CWE-89
6.5
2017-01-14 CVE-2017-5476 Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
network
s9y CWE-352
6.8
2017-01-14 CVE-2017-5475 Cross-Site Request Forgery (CSRF) vulnerability in S9Y Serendipity
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
network
s9y CWE-352
6.8