S9Y » Serendipity : Security Vulnerabilities Published In 2019
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
Max Base Score: 6.1
Published: 2019-05-09
Updated: 2019-05-10
EPSS: 0.14%
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
Max Base Score: 9.8
Published: 2019-05-24
Updated: 2019-05-29
EPSS: 0.34%
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
Max Base Score: 5.4
Published: 2019-01-16
Updated: 2019-01-23
EPSS: 0.09%
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
Max Base Score: 6.1
Published: 2019-11-26
Updated: 2019-12-11
EPSS: 0.23%
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
Max Base Score: 6.1
Published: 2019-11-05
Updated: 2019-11-08
EPSS: 0.58%
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
Max Base Score: 9.8
Published: 2019-11-05
Updated: 2019-11-08
EPSS: 1.34%
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
Max Base Score: 6.1
Published: 2019-11-05
Updated: 2019-11-08
EPSS: 0.58%
7 vulnerabilities found