CVE-2011-3610
https://notcve.org/view.php?id=CVE-2011-3610
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf. Se presenta una vulnerabilidad de tipo Cross-site Scripting (XSS) en el plugin freetag para Serendipity versiones anteriores a 3.30 en el parámetro tagcloud en el archivo plugins/serendipity_event_freetag/tagcloud.swf. • https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html https://www.openwall.com/lists/oss-security/2011/10/10/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-3337
https://notcve.org/view.php?id=CVE-2009-3337
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry. Vulnerabilidad de inyección SQL en el complemento reetag (serendipity_event_freetag) anteriores a v3.09 para Serendipity (S9Y), permite a atacantes remotos ejecutar comandos SQL de su elección a través de un parámetro no especificado asociado con la clave METE en una entrada de un blog. • http://blog.s9y.org/archives/210-Security-update-for-Freetag-Plugin.html http://secunia.com/advisories/36706 http://www.securityfocus.com/bid/36376 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-0751 – S9Y Serendipity Freetag-plugin 2.95 - 'style' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0751
Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/. Vulnerabilidad de Sitios cruzados en Freetag previa a la v2.96 para S9Y Serendipity, usado con Internet explorer 6 o 7, permite a atacantes remotos inyectar código web o HTML de su elección a través del PATH_INFO a plugin/tag/. • https://www.exploit-db.com/exploits/31126 http://blog.s9y.org/archives/190-Freetag-plugin-updated-to-prevent-XSS.html http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060122.html http://secunia.com/advisories/28852 http://www.bitsploit.de/uploads/Code/200802080000 http://www.securityfocus.com/bid/27697 https://exchange.xforce.ibmcloud.com/vulnerabilities/40376 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •