Vulnerabilities > S9Y > Serendipity > 1.0.beta2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-28 | CVE-2008-0124 | Cross-Site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file. | 4.3 |
2007-12-11 | CVE-2007-6205 | Cross-Site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed. | 4.3 |
2006-12-03 | CVE-2006-6242 | Path Traversal vulnerability in S9Y Serendipity Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. | 6.8 |
2006-05-20 | CVE-2006-2495 | Cross-Site Request Forgery vulnerability in Serendipity Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | 7.5 |
2006-04-20 | CVE-2006-1910 | Unspecified vulnerability in S9Y Serendipity 1.0Beta2 config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. | 7.5 |