CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.

• http://blog.s9y.org/archives/210-Security-update-for-Freetag-Plugin.html
• http://secunia.com/advisories/36706
• http://www.securityfocus.com/bid/36376
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue might be limited. Serendipity version 1.3 suffers from cross site scripting vulnerabilities in the referrer plugin and installer.

• http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html
• http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
• http://int21.de/cve/CVE-2008-1386-s9y.html
• http://www.securityfocus.com/archive/1/491176/100/0/threaded
• http://www.securityfocus.com/bid/28885
• http://www.securitytracker.com/id?1019915
• http://www.vupen.com/english/advisories/2008/1348/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41967
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 27 • EXPL: 2

Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header. Serendipity version 1.3 suffers from cross site scripting vulnerabilities in the referrer plugin and installer.

• https://www.exploit-db.com/exploits/31682
• http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html
• http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
• http://int21.de/cve/CVE-2008-1385-s9y.html
• http://secunia.com/advisories/29942
• http://www.securityfocus.com/archive/1/491176/100/0/threaded
• http://www.securityfocus.com/bid/28885
• http://www.securitytracker.com/id?1019915
• http://www.vupen.com/english/advisories/2008/1348/references
• https://excha
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 34 • EXPL: 0

Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.

• http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html
• http://int21.de/cve/CVE-2008-0124-s9y.html
• http://secunia.com/advisories/29128
• http://secunia.com/advisories/29502
• http://www.debian.org/security/2008/dsa-1528
• http://www.securityfocus.com/bid/28003
• http://www.securitytracker.com/id?1019502
• http://www.vupen.com/english/advisories/2008/0700/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40851
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 2

Cross-site scripting (XSS) vulnerability in the Freetag plugin before 2.96 for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/.

• https://www.exploit-db.com/exploits/31126
• http://blog.s9y.org/archives/190-Freetag-plugin-updated-to-prevent-XSS.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060122.html
• http://secunia.com/advisories/28852
• http://www.bitsploit.de/uploads/Code/200802080000
• http://www.securityfocus.com/bid/27697
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40376
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')