Vulnerabilities > S9Y > Serendipity > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-16 | CVE-2016-10737 | Cross-site Scripting vulnerability in S9Y Serendipity 2.0.4 Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter. | 3.5 |
| 2017-04-24 | CVE-2017-8102 | Cross-site Scripting vulnerability in S9Y Serendipity 2.1 Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. | 3.5 |
| 2016-12-25 | CVE-2016-9681 | Cross-site Scripting vulnerability in S9Y Serendipity Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name. | 3.5 |
| 2016-01-12 | CVE-2015-8603 | Cross-site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php. | 3.5 |
| 2015-03-23 | CVE-2015-2289 | Cross-site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category. | 3.5 |
| 2010-09-10 | CVE-2010-2957 | Cross-Site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |