S9Y » Serendipity : Security Vulnerabilities, CVEs, Published In 2008 (XSS)

CVE-2008-1386

Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue might be limited.
Max CVSS
4.3
EPSS Score
0.34%
Published
2008-04-23
Updated
2018-10-11

CVE-2008-1385

Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
Max CVSS
4.3
EPSS Score
0.57%
Published
2008-04-23
Updated
2018-10-11

CVE-2008-0124

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
Max CVSS
4.3
EPSS Score
0.31%
Published
2008-02-28
Updated
2017-08-08
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close