![](/assets/img/cve_300x82_sin_bg.png)
CVE-2020-10964
https://notcve.org/view.php?id=CVE-2020-10964
25 Mar 2020 — Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. Serendipity versiones anteriores a 2.3.4 en Windows, permite a atacantes remotos ejecutar código arbitrario porque el nombre de archivo de un archivo renombrado puede terminar con un punto. Este archivo luego puede ser renombrado para tener un nombre de archivo .php. • https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2011-4090 – S9Y Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4090
26 Nov 2019 — Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation. Serendipity versiones anteriores a 1.6, presenta un problema de tipo XSS en el plugin karma que puede permitir una escalada de privilegios. • https://www.exploit-db.com/exploits/36283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2011-1135
https://notcve.org/view.php?id=CVE-2011-1135
05 Nov 2019 — Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Xinha, como se incluye en el paquete Serendipity versiones anteriores a la versión 1.5.5, permite a atacantes remotos ejecutar código arbitrario en los archivos plugins/ExtendedFileManager/manager.php y plugins/ImageManager/manager.ph... • https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2011-1134
https://notcve.org/view.php?id=CVE-2011-1134
05 Nov 2019 — Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Xinha, como se incluye en el paquete Serendipity versiones anteriores a la versión 1.5.5, permite a atacantes remotos ejecutar código arbitrario en el administrador de imágenes. • https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2011-1133
https://notcve.org/view.php?id=CVE-2011-1133
05 Nov 2019 — Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php. Una vulnerabilidad de tipo Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Xinha, como se incluye en el paquete Serendipity versiones anteriores a la versión 1.5.5, permite a atacantes remotos ejecutar código arbitrario por medio del archivo plugins/ExtendedFileManager/backend.php. • https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2019-11870
https://notcve.org/view.php?id=CVE-2019-11870
09 May 2019 — Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. Serendipity, versiones anteriores a 2.1.5, es vulnerable a un ataque XSS a través de datos EXIF que son gestionados de manera incorrecta en las plantillas/2k11/admin/media_choose.tpl o en las plantillas/2k11/admin/media_items.tpl de la funcionalidad Media Library. • http://www.openwall.com/lists/oss-security/2019/05/10/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2017-5476
https://notcve.org/view.php?id=CVE-2017-5476
14 Jan 2017 — Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. Serendipity hasta la versión 2.0.5 permite CSRF para la instalación de un plugin de evento o un plugin de barra lateral. • http://www.securityfocus.com/bid/95659 • CWE-352: Cross-Site Request Forgery (CSRF) •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2017-5474
https://notcve.org/view.php?id=CVE-2017-5474
14 Jan 2017 — Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. Vulnerabilidad de redirección abierta en comment.php en Serendipity hasta la versión 2.0.5 permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar acabo ataques de phishing a través de una URL en el encabezado HTTP Referer. • http://www.securityfocus.com/bid/95652 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2017-5475
https://notcve.org/view.php?id=CVE-2017-5475
14 Jan 2017 — comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. comment.php en Serendipity hasta la versión 2.0.5 permite CSRF en la eliminación de cualquier comentario. • http://www.securityfocus.com/bid/95656 • CWE-352: Cross-Site Request Forgery (CSRF) •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-10082
https://notcve.org/view.php?id=CVE-2016-10082
30 Dec 2016 — include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file. include/functions_installer.inc.php en Serendipity hasta la versión 2.0.5 es vulnerable a ataques File Inclusion y posiblemente Code Execution durante una primera instalación porque falla e... • http://www.securityfocus.com/bid/95165 • CWE-284: Improper Access Control •