CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2011-1134
https://notcve.org/view.php?id=CVE-2011-1134
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Xinha, como se incluye en el paquete Serendipity versiones anteriores a la versión 1.5.5, permite a atacantes remotos ejecutar código arbitrario en el administrador de imágenes. • https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661 https://security-tracker.debian.org/tracker/CVE-2011-1134 https://www.openwall.com/lists/oss-security/2011/03/02/5 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1133
https://notcve.org/view.php?id=CVE-2011-1133
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php. Una vulnerabilidad de tipo Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Xinha, como se incluye en el paquete Serendipity versiones anteriores a la versión 1.5.5, permite a atacantes remotos ejecutar código arbitrario por medio del archivo plugins/ExtendedFileManager/backend.php. • https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661 https://security-tracker.debian.org/tracker/CVE-2011-1133 https://www.openwall.com/lists/oss-security/2011/03/02/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-10752
https://notcve.org/view.php?id=CVE-2016-10752
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. En Serendipity versión 2.0.3, la función serendipity_moveMediaDirectory permite que los atacantes remotos carguen y ejecuten código PHP arbitrario, debido a un manejo inapropiado del nombre de archivo sin extensión durante un cambio de nombre, como lo demuestra "php" como un nombre de archivo. • https://blog.ripstech.com/2016/serendipity-from-file-upload-to-code-execution https://demo.ripstech.com/projects/serendipity_2.0.3 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11870
https://notcve.org/view.php?id=CVE-2019-11870
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. Serendipity, versiones anteriores a 2.1.5, es vulnerable a un ataque XSS a través de datos EXIF que son gestionados de manera incorrecta en las plantillas/2k11/admin/media_choose.tpl o en las plantillas/2k11/admin/media_items.tpl de la funcionalidad Media Library. • http://www.openwall.com/lists/oss-security/2019/05/10/1 https://blog.s9y.org/archives/282-Serendipity-2.1.5-released.html https://github.com/s9y/Serendipity/issues/598 https://www.openwall.com/lists/oss-security/2019/05/03/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10737
https://notcve.org/view.php?id=CVE-2016-10737
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter. Serendipity 2.0.4 tiene Cross-Site Scripting (XSS) mediante el parámetro serendipity[body] en serendipity_admin.php. • https://www.exploit-db.com/exploits/40650 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •