5 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Serendipity (S9Y) antes de 1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados relacionados con trackbacks recibidos. • http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html http://secunia.com/advisories/29398 http://secunia.com/advisories/29502 http://www.debian.org/security/2008/dsa-1528 http://www.securityfocus.com/bid/28298 http://www.vupen.com/english/advisories/2008/0925/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41343 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el plugin mycalendar versiones anteriores a 0.13 para Serendipity, permite a los atacantes remotos realizar acciones como administradores de blogs, que pueden ser aprovechadas para conducir ataques de tipo cross-site scripting (XSS) en la página blog. • http://secunia.com/advisories/28152 http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html http://www.securityfocus.com/bid/26955 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0

The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked. La extensión de "Propiedades extendidas de entrada" (entryproperties) en el serendipity_event_entryproperties.php del Serendipity 1.1.3 permite a atacantes remotos autenticados, evitar la protección de la contraseña y "establecer una configuración de las entryproperties a medida en el Serendipity Frontend" a través de ciertas peticiones que modifican si la contraseña ha sido validada. • http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html http://osvdb.org/36534 http://secunia.com/advisories/26347 http://sourceforge.net/forum/forum.php?forum_id=722867 http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716 http://www.securityfocus.com/bid/25235 https://exchange.xforce.ibmcloud.com/vulnerabilities/35868 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter. Vulnerabilidad de inyección SQL en index.php de Serendipity 1.1.1 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro [multiCat][]. • http://osvdb.org/34935 http://securityreason.com/securityalert/2383 http://www.securityfocus.com/archive/1/461671/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/32768 •

CVSS: 6.8EPSS: 4%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. Múltiples vulnerabilidades en secuencias de comandos en sitios cruzados (XSS) en Serendipity (s9y) 1.0.1 y anteriores, permite a atacantes remotos la inyección de secuencias de comandos Web o HTML de su elección, a través de vectores no especificados en la página del administrador del gestor de media. • http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html http://secunia.com/advisories/22501 http://securityreason.com/securityalert/1771 http://securitytracker.com/id?1017100 http://www.hardened-php.net/advisory_112006.136.html http://www.osvdb.org/29893 http://www.s9y.org/forums/viewtopic.php?t=7356 http://www.securityfocus.com/archive/1/449189/100/0/threaded http://www.securityfocus.com/bid/20627 http://www.vupen.com/english/advisories/2006/4135 https:/&#x •