S9y: Security Vulnerabilities
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or JavaScript file.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2023-05-16

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
CVSS Score: 9.8 | EPSS Score: 0.038 | Published: 2020-03-25

A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-01-22

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
CVSS Score: 6.1 | EPSS Score: 0.023 | Published: 2019-11-26

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
CVSS Score: 6.1 | EPSS Score: 0.009 | Published: 2019-11-05

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
CVSS Score: 9.8 | EPSS Score: 0.05 | Published: 2019-11-05

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
CVSS Score: 6.1 | EPSS Score: 0.009 | Published: 2019-11-05

serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2019-05-24

Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2019-05-09

Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2019-01-16

