S9Y » Serendipity : Security Vulnerabilities, CVEs, Published In 2008 (XSS)
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue might be limited.
Max CVSS: 4.3; EPSS Score: 0.34%; Published: 2008-04-23; Updated: 2018-10-11
Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
Max CVSS: 4.3; EPSS Score: 0.57%; Published: 2008-04-23; Updated: 2018-10-11
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
Max CVSS: 4.3; EPSS Score: 0.31%; Published: 2008-02-28; Updated: 2017-08-08
3 vulnerabilities found