S9y: >> Serendipity >> 0.8_beta_6 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.
CVSS Score
4.3
EPSS Score
0.006
Published
2007-12-11
The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.
CVSS Score
7.5
EPSS Score
0.007
Published
2005-05-03