Vulnerabilities > S9Y > Serendipity > 2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-25 | CVE-2020-10964 | Unrestricted Upload of File with Dangerous Type vulnerability in S9Y Serendipity Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. | 9.8 |
| 2019-05-09 | CVE-2019-11870 | Cross-site Scripting vulnerability in S9Y Serendipity Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. | 6.1 |
| 2017-04-24 | CVE-2017-8102 | Cross-site Scripting vulnerability in S9Y Serendipity 2.1 Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. | 5.4 |