
CVSS: 6.1 • EPSS: 1% • CPEs: 37 • EXPL: 1

11 Dec 2007 — Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed. • http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.1 • EPSS: 3% • CPEs: 26 • EXPL: 3

03 Dec 2006 — Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativec... • https://www.exploit-db.com/exploits/2869 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 • EPSS: 3% • CPEs: 1 • EXPL: 0

25 Oct 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. • http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html

CVSS: 8.8 • EPSS: 1% • CPEs: 18 • EXPL: 0

20 May 2006 — Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. • http://secunia.com/advisories/20155

CVSS: 6.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

03 May 2005 — Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://secunia.com/advisories/15145

CVSS: 9.8 • EPSS: 0% • CPEs: 13 • EXPL: 0

03 May 2005 — The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files. • http://secunia.com/advisories/15145

CVSS: 10.0 • EPSS: 0% • CPEs: 13 • EXPL: 0

03 May 2005 — Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. • http://secunia.com/advisories/15145

CVSS: 9.8 • EPSS: 1% • CPEs: 18 • EXPL: 2

13 Apr 2005 — SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters. • https://www.exploit-db.com/exploits/939