Serendipity: >> Serendipity >> 1.1.3 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.
CVSS Score
4.3
EPSS Score
0.005
Published
2008-03-24
The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked.
CVSS Score
5.0
EPSS Score
0.004
Published
2007-08-09