Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
Max CVSS
6.1
EPSS Score
0.14%
Published
2019-05-09
Updated
2019-05-10
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
Max CVSS
5.4
EPSS Score
0.09%
Published
2019-01-16
Updated
2019-01-23
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
Max CVSS
6.1
EPSS Score
0.23%
Published
2019-11-26
Updated
2019-12-11
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
Max CVSS
6.1
EPSS Score
0.58%
Published
2019-11-05
Updated
2019-11-08
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
Max CVSS
9.8
EPSS Score
1.34%
Published
2019-11-05
Updated
2019-11-08
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
Max CVSS
6.1
EPSS Score
0.58%
Published
2019-11-05
Updated
2019-11-08
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!