S9y: >> Serendipity >> 2.0.3 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
CVSS Score
5.4
EPSS Score
0.002
Published
2016-12-25
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
CVSS Score
8.6
EPSS Score
0.002
Published
2016-12-01
Page 2