Vulnerabilities > S9Y > Serendipity > 1.0.beta1

DATE CVE VULNERABILITY TITLE RISK
2007-12-11 CVE-2007-6205 Cross-Site Scripting vulnerability in S9Y Serendipity
Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.
network
s9y CWE-79
4.3
4.3
2006-05-20 CVE-2006-2495 Cross-Site Request Forgery vulnerability in Serendipity
Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.
network
low complexity
s9y
7.5
7.5