Serendipitynz » Serene Bach : Security Vulnerabilities, CVEs, CVSS score >= 3
SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
Max CVSS
7.5
EPSS Score
0.45%
Published
2009-06-22
Updated
2009-06-26
Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
6.8
EPSS Score
1.69%
Published
2007-01-09
Updated
2017-07-29
2 vulnerabilities found