
CVE-2023-31576
https://notcve.org/view.php?id=CVE-2023-31576
16 May 2023 — An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or JavaScript file. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/s9y/2023/Serendipity-2.4-beta-1 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2020-10964
https://notcve.org/view.php?id=CVE-2020-10964
25 Mar 2020 — Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. • https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2011-3610
https://notcve.org/view.php?id=CVE-2011-3610
22 Jan 2020 — A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf. • https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2011-4090 – S9Y Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4090
26 Nov 2019 — Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation. • https://www.exploit-db.com/exploits/36283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2011-1135
https://notcve.org/view.php?id=CVE-2011-1135
05 Nov 2019 — Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. • https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2011-1134
https://notcve.org/view.php?id=CVE-2011-1134
05 Nov 2019 — Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. • https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2011-1133
https://notcve.org/view.php?id=CVE-2011-1133
05 Nov 2019 — Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php. • https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2016-10752
https://notcve.org/view.php?id=CVE-2016-10752
24 May 2019 — serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename. • https://blog.ripstech.com/2016/serendipity-from-file-upload-to-code-execution • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2019-11870
https://notcve.org/view.php?id=CVE-2019-11870
09 May 2019 — Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. • http://www.openwall.com/lists/oss-security/2019/05/10/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2016-10737
https://notcve.org/view.php?id=CVE-2016-10737
16 Jan 2019 — Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter. • https://www.exploit-db.com/exploits/40650 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •