Vulnerabilities > S9Y > Serendipity > 0.8.beta5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-28 | CVE-2008-0124 | Cross-Site Scripting vulnerability in S9Y Serendipity: Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file. | 4.3 |
2007-12-11 | CVE-2007-6205 | Cross-Site Scripting vulnerability in S9Y Serendipity: Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed. | 4.3 |
2006-12-03 | CVE-2006-6242 | Path Traversal vulnerability in S9Y Serendipity: Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. | 6.8 |
2005-05-03 | CVE-2005-1449 | Remote Security vulnerability in Serendipity: Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. | 10.0 |
2005-05-03 | CVE-2005-1448 | HTML Injection vulnerability in S9Y Serendipity BBCode Plugin: Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 6.8 |
2005-04-13 | CVE-2005-1134 | SQL injection vulnerability in S9Y Serendipity Exit.PHP: SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters. | 7.5 |