Vulnerabilities > S9Y > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-12-24 CVE-2009-4412 File-Upload vulnerability in Serendipity
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory.
network
s9y
6.0
2008-04-23 CVE-2008-1386 Cross-Site Scripting vulnerability in S9Y Serendipity 1.3
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field.
network
s9y CWE-79
4.3
2008-04-23 CVE-2008-1385 Cross-Site Scripting vulnerability in S9Y Serendipity
Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
network
s9y CWE-79
4.3
2008-02-28 CVE-2008-0124 Cross-Site Scripting vulnerability in S9Y Serendipity
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
network
s9y CWE-79
4.3
2008-02-13 CVE-2008-0751 Cross-Site Scripting vulnerability in S9Y Serendipity Event Freetag
Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/.
network
microsoft s9y CWE-79
4.3
2007-12-11 CVE-2007-6205 Cross-Site Scripting vulnerability in S9Y Serendipity
Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.
network
s9y CWE-79
4.3
2006-12-03 CVE-2006-6242 Path Traversal vulnerability in S9Y Serendipity
Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a ..
network
s9y CWE-22
6.8
2005-10-04 CVE-2005-3129 Cross-Site Request Forgery vulnerability in Serendipity
Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php.
network
high complexity
s9y
5.1
2005-05-24 CVE-2005-1713 Unspecified vulnerability in S9Y Serendipity 0.8
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
network
s9y
4.3
2005-05-03 CVE-2005-1448 HTML Injection vulnerability in S9Y Serendipity BBCode Plugin
Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
network
s9y
6.8