NotCVE - vendor:"S9y" product:"Serendipity" version:"

Page 3 of 58 results (0.001 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3

CVE-2015-6969

https://notcve.org/view.php?id=CVE-2015-6969

16 Sep 2015 — Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link. Vulnerabilidad de XSS en js/2k11.min.js en el tema 2k11 en Serendipity en versiones anteriores a 2.0.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de usuario en un comentario, lo cual no es manejado adecua... • http://blog.curesec.com/article/blog/Serendipity-201-Persistent-XSS-51.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3

CVE-2015-6943

https://notcve.org/view.php?id=CVE-2015-6943

15 Sep 2015 — SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php. Vulnerabilidad de inyección SQL en la función serendipity_checkCommentToken en include/functions_comments.inc.php en Serendipity en versiones anteriores a 2.0.2, cuando "Use Tokens for Comment Mo... • http://blog.curesec.com/article/blog/Serendipity-201-Blind-SQL-Injection-52.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2015-2289

https://notcve.org/view.php?id=CVE-2015-2289

23 Mar 2015 — Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category. Vulnerabilidad de XSS en templates/2k11/admin/entries.tpl en Serendipity anterior a 2.0.1 permite a editores remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro serendipity[cat][name] en s... • http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3

CVE-2014-9432

https://notcve.org/view.php?id=CVE-2014-9432

31 Dec 2014 — Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php. Múltiples vulnerabilidades de XSS en templates/2k11/admin/overview.inc.tpl en Serendipity anterior a 2.0-rc2 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un comentario en un blog en QUERY_STRING en serendipity/i... • http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0

CVE-2013-5670

https://notcve.org/view.php?id=CVE-2013-5670

05 Nov 2013 — Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter. Vulnerabilidad cross-site scripting (XSS) en spell-check-savedicts.php en el módulo htmlarea SpellChecker, tal como se utiliza en Serendipity anterior a la versión 1.7.3 y posiblemente en otros productos, permite a atacantes remotos inyectar secuen... • http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 3

CVE-2013-5314 – S9Y Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-5314

19 Aug 2013 — Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter. Vulnerabilidad XSS en serendipity_admin_image_selector.php en Serendipity 1.6.2 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del parámetro serendipity[htmltarget]. • https://www.exploit-db.com/exploits/38642 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 14%CPEs: 35EXPL: 5

CVE-2012-2331 – S9Y Serendipity 1.6 - 'Backend' Cross-Site Scripting / SQL Injection

https://notcve.org/view.php?id=CVE-2012-2331

13 Aug 2012 — Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Serendipity/serendipity_admin_image_selector.php en Serendipity antes de v1.6.1 permite a atacantes remotos inyectar secuencias de comandos... • https://www.exploit-db.com/exploits/18884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 1%CPEs: 35EXPL: 4

CVE-2012-2332 – S9Y Serendipity 1.6 - 'Backend' Cross-Site Scripting / SQL Injection

https://notcve.org/view.php?id=CVE-2012-2332

13 Aug 2012 — SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). Una vulnerabilidad de inyección SQL en serendipity/serendipity_admin.php en Serendipity antes de v1.6.1 permite a atacantes remotos ejecutar comandos SQL a través del parámetro serendipity[plugin_to_conf]. NOTA: este problema podría ser r... • https://www.exploit-db.com/exploits/18884 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0

CVE-2012-2762

https://notcve.org/view.php?id=CVE-2012-2762

07 Jun 2012 — SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. Vulnerabilidad de inyección SQL en include/functions_trackbacks.inc.php en Serendipity v1.6.2 permite a atacantes remotos ejecutar comandos SQL a través del parámetro URL en comment.php. • http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2011-3800

https://notcve.org/view.php?id=CVE-2011-3800

24 Sep 2011 — Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files. Serendipity v1.5.5 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con templates/newspaper/layout.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

1 2 3 4 5