S9Y » Serendipity : Security Vulnerabilities (Cross Site Scripting (XSS))

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2019-11870	79	XSS	2019-05-09	2019-05-10	4.3	None	Remote	Medium	Not required	None	Partial	None
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
2	CVE-2017-8102	79	XSS	2017-04-24	2017-04-28	3.5	None	Remote	Medium	???	None	Partial	None
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
3	CVE-2016-10737	79	XSS	2019-01-16	2019-01-23	3.5	None	Remote	Medium	???	None	Partial	None
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
4	CVE-2016-9681	79	XSS	2016-12-25	2016-12-30	3.5	None	Remote	Medium	???	None	Partial	None
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
5	CVE-2015-8603	79	XSS	2016-01-12	2018-10-09	3.5	None	Remote	Medium	???	None	Partial	None
Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php.
6	CVE-2015-6969	79	XSS	2015-09-16	2015-09-16	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.
7	CVE-2015-2289	79	XSS	2015-03-23	2018-10-09	3.5	None	Remote	Medium	???	None	Partial	None
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.
8	CVE-2014-9432	79	XSS	2014-12-31	2018-10-09	4.3	None	Remote	Medium	Not required	None	Partial	None
Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php.
9	CVE-2013-5670	79	XSS	2013-11-05	2013-11-07	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.
10	CVE-2013-5314	79	XSS	2013-08-19	2013-08-20	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.
11	CVE-2012-2331	79	XSS CSRF	2012-08-13	2012-08-14	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
12	CVE-2011-4090	79	XSS	2019-11-26	2019-12-11	4.3	None	Remote	Medium	Not required	None	Partial	None
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
13	CVE-2011-1135	79	Exec Code XSS	2019-11-05	2019-11-08	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
14	CVE-2011-1134	434	Exec Code XSS	2019-11-05	2019-11-08	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
15	CVE-2011-1133	79	Exec Code XSS	2019-11-05	2019-11-08	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
16	CVE-2010-2957	79	XSS	2010-09-10	2010-09-10	2.6	None	Remote	High	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
17	CVE-2008-1386	79	XSS	2008-04-23	2018-10-11	4.3	None	Remote	Medium	Not required	None	Partial	None
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue might be limited.
18	CVE-2008-1385	79	XSS	2008-04-23	2018-10-11	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
19	CVE-2008-0124	79	XSS	2008-02-28	2017-08-08	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
20	CVE-2007-6205	79	XSS	2007-12-11	2018-10-15	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.
21	CVE-2005-1713		XSS	2005-05-24	2008-09-05	4.3	None	Remote	Medium	Not required	None	Partial	None
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
22	CVE-2005-1448		XSS	2005-05-03	2008-09-05	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
23	CVE-2004-2525		XSS	2004-12-31	2017-07-11	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.
24	CVE-2004-2157		XSS	2004-12-31	2017-07-11	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.

Total number of vulnerabilities : 24 Page : 1 (This Page)