
19 vulnerabilities found for Serendipity by Serendipity

CVE-2024-58282 (GCVE-0-2024-58282)

Vulnerability from nvd – Published: 2025-12-10 21:14 – Updated: 2025-12-11 18:51
Title
Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload
Summary
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
Impacted products
Credits
Ahmet Ümit BAYRAM

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-58282",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-11T15:45:44.516499Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-11T18:51:39.108Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.s9y.org/latest"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Serendipity",
          "vendor": "Serendipity",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ahmet \u00dcmit BAYRAM"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSerendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.\u003c/p\u003e"
            }
          ],
          "value": "Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-10T21:14:19.900Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-52036",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/52036"
        },
        {
          "name": "Vendor Homepage",
          "tags": [
            "product"
          ],
          "url": "https://docs.s9y.org/"
        },
        {
          "name": "Software Link",
          "tags": [
            "product"
          ],
          "url": "https://www.s9y.org/latest"
        },
        {
          "name": "VulnCheck Advisory: Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/serendipity-remote-code-execution-via-authenticated-media-upload"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-58282",
    "datePublished": "2025-12-10T21:14:19.900Z",
    "dateReserved": "2025-12-10T14:35:24.455Z",
    "dateUpdated": "2025-12-11T18:51:39.108Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2011-4090 (GCVE-0-2011-4090)

Vulnerability from nvd – Published: 2019-11-26 04:09 – Updated: 2024-08-06 23:53
Summary
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
Severity ?
No CVSS data available.
CWE
  • Cross-Site Scripting
Assigner
Impacted products
Vendor Product Version
serendipity serendipity Affected: before 1.6

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2011-4090"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/oss-sec/2011/q4/176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "serendipity",
          "vendor": "serendipity",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-26T04:09:48",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2011-4090"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/oss-sec/2011/q4/176"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-4090",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "serendipity",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "serendipity"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2011-4090",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
            },
            {
              "name": "https://access.redhat.com/security/cve/cve-2011-4090",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/cve/cve-2011-4090"
            },
            {
              "name": "https://seclists.org/oss-sec/2011/q4/176",
              "refsource": "MISC",
              "url": "https://seclists.org/oss-sec/2011/q4/176"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4090",
    "datePublished": "2019-11-26T04:09:48",
    "dateReserved": "2011-10-18T00:00:00",
    "dateUpdated": "2024-08-06T23:53:32.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1476 (GCVE-0-2008-1476)

Vulnerability from nvd – Published: 2008-03-24 22:00 – Updated: 2024-08-07 08:24
Summary
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry x_refsource_XF
http://secunia.com/advisories/29398 third-party-advisory x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1528 vendor-advisory x_refsource_DEBIAN
http://blog.s9y.org/archives/192-Serendipity-1.3-… x_refsource_CONFIRM
http://www.securityfocus.com/bid/28298 vdb-entry x_refsource_BID
http://www.vupen.com/english/advisories/2008/0925… vdb-entry x_refsource_VUPEN
http://secunia.com/advisories/29502 third-party-advisory x_refsource_SECUNIA

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:41.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "serendipity-trackbacks-data-xss(41343)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343"
          },
          {
            "name": "29398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29398"
          },
          {
            "name": "DSA-1528",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1528"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html"
          },
          {
            "name": "28298",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28298"
          },
          {
            "name": "ADV-2008-0925",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0925/references"
          },
          {
            "name": "29502",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29502"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "serendipity-trackbacks-data-xss(41343)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343"
        },
        {
          "name": "29398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29398"
        },
        {
          "name": "DSA-1528",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1528"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html"
        },
        {
          "name": "28298",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28298"
        },
        {
          "name": "ADV-2008-0925",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0925/references"
        },
        {
          "name": "29502",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29502"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1476",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "serendipity-trackbacks-data-xss(41343)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343"
            },
            {
              "name": "29398",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29398"
            },
            {
              "name": "DSA-1528",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1528"
            },
            {
              "name": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html"
            },
            {
              "name": "28298",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28298"
            },
            {
              "name": "ADV-2008-0925",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0925/references"
            },
            {
              "name": "29502",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29502"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1476",
    "datePublished": "2008-03-24T22:00:00",
    "dateReserved": "2008-03-24T00:00:00",
    "dateUpdated": "2024-08-07T08:24:41.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-6390 (GCVE-0-2007-6390)

Vulnerability from nvd – Published: 2007-12-17 18:00 – Updated: 2024-08-07 16:02
Summary
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/28152 third-party-advisory x_refsource_SECUNIA
http://www.hboeck.de/archives/572-Some-XSS-issues… x_refsource_MISC
http://www.securityfocus.com/bid/26955 vdb-entry x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:02:36.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28152",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28152"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html"
          },
          {
            "name": "26955",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26955"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-12-25T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28152",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28152"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html"
        },
        {
          "name": "26955",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26955"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6390",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28152",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28152"
            },
            {
              "name": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html",
              "refsource": "MISC",
              "url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html"
            },
            {
              "name": "26955",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26955"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6390",
    "datePublished": "2007-12-17T18:00:00",
    "dateReserved": "2007-12-17T00:00:00",
    "dateUpdated": "2024-08-07T16:02:36.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-4282 (GCVE-0-2007-4282)

Vulnerability from nvd – Published: 2007-08-09 21:00 – Updated: 2024-08-07 14:46
Summary
The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:46:39.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25235",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25235"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"
          },
          {
            "name": "26347",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26347"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716"
          },
          {
            "name": "36534",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36534"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html"
          },
          {
            "name": "serendipity-extendedprop-security-bypass(35868)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "25235",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25235"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"
        },
        {
          "name": "26347",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26347"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716"
        },
        {
          "name": "36534",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36534"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html"
        },
        {
          "name": "serendipity-extendedprop-security-bypass(35868)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4282",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25235",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25235"
            },
            {
              "name": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html",
              "refsource": "MISC",
              "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"
            },
            {
              "name": "26347",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26347"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716"
            },
            {
              "name": "36534",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36534"
            },
            {
              "name": "http://sourceforge.net/forum/forum.php?forum_id=722867",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"
            },
            {
              "name": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released,-security-bug-in-entryproperties-plugin.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released,-security-bug-in-entryproperties-plugin.html"
            },
            {
              "name": "serendipity-extendedprop-security-bypass(35868)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4282",
    "datePublished": "2007-08-09T21:00:00",
    "dateReserved": "2007-08-09T00:00:00",
    "dateUpdated": "2024-08-07T14:46:39.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1326 (GCVE-0-2007-1326)

Vulnerability from nvd – Published: 2007-03-07 21:00 – Updated: 2024-08-07 12:50
Summary
SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/32768 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/archive/1/461671/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://osvdb.org/34935 (vdb-entry, x_refsource_OSVDB)
http://securityreason.com/securityalert/2383 (third-party-advisory, x_refsource_SREASON)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:35.260Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "serendipity-index-sql-injection(32768)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768"
          },
          {
            "name": "20070301 Serendipity unauthenticated SQL-Injection",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded"
          },
          {
            "name": "34935",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34935"
          },
          {
            "name": "2383",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2383"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "serendipity-index-sql-injection(32768)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768"
        },
        {
          "name": "20070301 Serendipity unauthenticated SQL-Injection",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded"
        },
        {
          "name": "34935",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34935"
        },
        {
          "name": "2383",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2383"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "serendipity-index-sql-injection(32768)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768"
            },
            {
              "name": "20070301 Serendipity unauthenticated SQL-Injection",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded"
            },
            {
              "name": "34935",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34935"
            },
            {
              "name": "2383",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2383"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1326",
    "datePublished": "2007-03-07T21:00:00",
    "dateReserved": "2007-03-07T00:00:00",
    "dateUpdated": "2024-08-07T12:50:35.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-5499 (GCVE-0-2006-5499)

Vulnerability from nvd – Published: 2006-10-25 10:00 – Updated: 2024-08-07 19:55
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/449189/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://securityreason.com/securityalert/1771 (third-party-advisory, x_refsource_SREASON)
http://www.securityfocus.com/bid/20627 (vdb-entry, x_refsource_BID)
http://www.osvdb.org/29893 (vdb-entry, x_refsource_OSVDB)
http://www.hardened-php.net/advisory_112006.136.html (x_refsource_MISC)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29695 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/22501 (third-party-advisory, x_refsource_SECUNIA)
http://securitytracker.com/id?1017100 (vdb-entry, x_refsource_SECTRACK)
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html (mailing-list, x_refsource_FULLDISC)
http://www.s9y.org/forums/viewtopic.php?t=7356 (x_refsource_CONFIRM)
http://www.vupen.com/english/advisories/2006/4135 (vdb-entry, x_refsource_VUPEN)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:52.926Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded"
          },
          {
            "name": "1771",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1771"
          },
          {
            "name": "20627",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20627"
          },
          {
            "name": "29893",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29893"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.hardened-php.net/advisory_112006.136.html"
          },
          {
            "name": "serendipity-admin-xss(29695)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695"
          },
          {
            "name": "22501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22501"
          },
          {
            "name": "1017100",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017100"
          },
          {
            "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.s9y.org/forums/viewtopic.php?t=7356"
          },
          {
            "name": "ADV-2006-4135",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4135"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded"
        },
        {
          "name": "1771",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1771"
        },
        {
          "name": "20627",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20627"
        },
        {
          "name": "29893",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29893"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.hardened-php.net/advisory_112006.136.html"
        },
        {
          "name": "serendipity-admin-xss(29695)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695"
        },
        {
          "name": "22501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22501"
        },
        {
          "name": "1017100",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017100"
        },
        {
          "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.s9y.org/forums/viewtopic.php?t=7356"
        },
        {
          "name": "ADV-2006-4135",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4135"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5499",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded"
            },
            {
              "name": "1771",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1771"
            },
            {
              "name": "20627",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20627"
            },
            {
              "name": "29893",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/29893"
            },
            {
              "name": "http://www.hardened-php.net/advisory_112006.136.html",
              "refsource": "MISC",
              "url": "http://www.hardened-php.net/advisory_112006.136.html"
            },
            {
              "name": "serendipity-admin-xss(29695)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695"
            },
            {
              "name": "22501",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22501"
            },
            {
              "name": "1017100",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017100"
            },
            {
              "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html"
            },
            {
              "name": "http://www.s9y.org/forums/viewtopic.php?t=7356",
              "refsource": "CONFIRM",
              "url": "http://www.s9y.org/forums/viewtopic.php?t=7356"
            },
            {
              "name": "ADV-2006-4135",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4135"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5499",
    "datePublished": "2006-10-25T10:00:00",
    "dateReserved": "2006-10-24T00:00:00",
    "dateUpdated": "2024-08-07T19:55:52.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-58282 (GCVE-0-2024-58282)

Vulnerability from cvelistv5 – Published: 2025-12-10 21:14 – Updated: 2025-12-11 18:51
Title
Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload
Summary
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
Impacted products
Credits
Ahmet Ümit BAYRAM

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-58282",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-11T15:45:44.516499Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-11T18:51:39.108Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.s9y.org/latest"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Serendipity",
          "vendor": "Serendipity",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ahmet \u00dcmit BAYRAM"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSerendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.\u003c/p\u003e"
            }
          ],
          "value": "Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-10T21:14:19.900Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-52036",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/52036"
        },
        {
          "name": "Vendor Homepage",
          "tags": [
            "product"
          ],
          "url": "https://docs.s9y.org/"
        },
        {
          "name": "Software Link",
          "tags": [
            "product"
          ],
          "url": "https://www.s9y.org/latest"
        },
        {
          "name": "VulnCheck Advisory: Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/serendipity-remote-code-execution-via-authenticated-media-upload"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-58282",
    "datePublished": "2025-12-10T21:14:19.900Z",
    "dateReserved": "2025-12-10T14:35:24.455Z",
    "dateUpdated": "2025-12-11T18:51:39.108Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2011-4090 (GCVE-0-2011-4090)

Vulnerability from cvelistv5 – Published: 2019-11-26 04:09 – Updated: 2024-08-06 23:53
Summary
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
Severity ?
No CVSS data available.
CWE
  • Cross-Site Scripting
Assigner
Impacted products
Vendor Product Version
serendipity serendipity Affected: before 1.6

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2011-4090"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/oss-sec/2011/q4/176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "serendipity",
          "vendor": "serendipity",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-26T04:09:48",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2011-4090"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/oss-sec/2011/q4/176"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-4090",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "serendipity",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "serendipity"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2011-4090",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
            },
            {
              "name": "https://access.redhat.com/security/cve/cve-2011-4090",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/cve/cve-2011-4090"
            },
            {
              "name": "https://seclists.org/oss-sec/2011/q4/176",
              "refsource": "MISC",
              "url": "https://seclists.org/oss-sec/2011/q4/176"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4090",
    "datePublished": "2019-11-26T04:09:48",
    "dateReserved": "2011-10-18T00:00:00",
    "dateUpdated": "2024-08-06T23:53:32.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1476 (GCVE-0-2008-1476)

Vulnerability from cvelistv5 – Published: 2008-03-24 22:00 – Updated: 2024-08-07 08:24
Summary
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/41343 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/29398 (third-party-advisory, x_refsource_SECUNIA)
http://www.debian.org/security/2008/dsa-1528 (vendor-advisory, x_refsource_DEBIAN)
http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html (x_refsource_CONFIRM)
http://www.securityfocus.com/bid/28298 (vdb-entry, x_refsource_BID)
http://www.vupen.com/english/advisories/2008/0925/references (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/29502 (third-party-advisory, x_refsource_SECUNIA)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:41.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "serendipity-trackbacks-data-xss(41343)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343"
          },
          {
            "name": "29398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29398"
          },
          {
            "name": "DSA-1528",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1528"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html"
          },
          {
            "name": "28298",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28298"
          },
          {
            "name": "ADV-2008-0925",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0925/references"
          },
          {
            "name": "29502",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29502"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "serendipity-trackbacks-data-xss(41343)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343"
        },
        {
          "name": "29398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29398"
        },
        {
          "name": "DSA-1528",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1528"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html"
        },
        {
          "name": "28298",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28298"
        },
        {
          "name": "ADV-2008-0925",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0925/references"
        },
        {
          "name": "29502",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29502"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1476",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "serendipity-trackbacks-data-xss(41343)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343"
            },
            {
              "name": "29398",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29398"
            },
            {
              "name": "DSA-1528",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1528"
            },
            {
              "name": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html"
            },
            {
              "name": "28298",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28298"
            },
            {
              "name": "ADV-2008-0925",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0925/references"
            },
            {
              "name": "29502",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29502"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1476",
    "datePublished": "2008-03-24T22:00:00",
    "dateReserved": "2008-03-24T00:00:00",
    "dateUpdated": "2024-08-07T08:24:41.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-6390 (GCVE-0-2007-6390)

Vulnerability from cvelistv5 – Published: 2007-12-17 18:00 – Updated: 2024-08-07 16:02
Summary
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/28152 (third-party-advisory, x_refsource_SECUNIA)
http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html (x_refsource_MISC)
http://www.securityfocus.com/bid/26955 (vdb-entry, x_refsource_BID)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:02:36.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28152",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28152"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html"
          },
          {
            "name": "26955",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26955"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-12-25T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28152",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28152"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html"
        },
        {
          "name": "26955",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26955"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6390",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28152",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28152"
            },
            {
              "name": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html",
              "refsource": "MISC",
              "url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html"
            },
            {
              "name": "26955",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26955"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6390",
    "datePublished": "2007-12-17T18:00:00",
    "dateReserved": "2007-12-17T00:00:00",
    "dateUpdated": "2024-08-07T16:02:36.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-4282 (GCVE-0-2007-4282)

Vulnerability from cvelistv5 – Published: 2007-08-09 21:00 – Updated: 2024-08-07 14:46
Summary
The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:46:39.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25235",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25235"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"
          },
          {
            "name": "26347",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26347"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716"
          },
          {
            "name": "36534",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36534"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html"
          },
          {
            "name": "serendipity-extendedprop-security-bypass(35868)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "25235",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25235"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"
        },
        {
          "name": "26347",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26347"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716"
        },
        {
          "name": "36534",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36534"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html"
        },
        {
          "name": "serendipity-extendedprop-security-bypass(35868)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4282",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25235",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25235"
            },
            {
              "name": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html",
              "refsource": "MISC",
              "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"
            },
            {
              "name": "26347",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26347"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716"
            },
            {
              "name": "36534",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36534"
            },
            {
              "name": "http://sourceforge.net/forum/forum.php?forum_id=722867",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"
            },
            {
              "name": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released,-security-bug-in-entryproperties-plugin.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released,-security-bug-in-entryproperties-plugin.html"
            },
            {
              "name": "serendipity-extendedprop-security-bypass(35868)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4282",
    "datePublished": "2007-08-09T21:00:00",
    "dateReserved": "2007-08-09T00:00:00",
    "dateUpdated": "2024-08-07T14:46:39.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1326 (GCVE-0-2007-1326)

Vulnerability from cvelistv5 – Published: 2007-03-07 21:00 – Updated: 2024-08-07 12:50
Summary
SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/32768 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/archive/1/461671/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://osvdb.org/34935 (vdb-entry, x_refsource_OSVDB)
http://securityreason.com/securityalert/2383 (third-party-advisory, x_refsource_SREASON)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:35.260Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "serendipity-index-sql-injection(32768)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768"
          },
          {
            "name": "20070301 Serendipity unauthenticated SQL-Injection",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded"
          },
          {
            "name": "34935",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34935"
          },
          {
            "name": "2383",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2383"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "serendipity-index-sql-injection(32768)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768"
        },
        {
          "name": "20070301 Serendipity unauthenticated SQL-Injection",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded"
        },
        {
          "name": "34935",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34935"
        },
        {
          "name": "2383",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2383"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "serendipity-index-sql-injection(32768)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768"
            },
            {
              "name": "20070301 Serendipity unauthenticated SQL-Injection",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded"
            },
            {
              "name": "34935",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34935"
            },
            {
              "name": "2383",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2383"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1326",
    "datePublished": "2007-03-07T21:00:00",
    "dateReserved": "2007-03-07T00:00:00",
    "dateUpdated": "2024-08-07T12:50:35.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-5499 (GCVE-0-2006-5499)

Vulnerability from cvelistv5 – Published: 2006-10-25 10:00 – Updated: 2024-08-07 19:55
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/449189/100/0/threaded mailing-list x_refsource_BUGTRAQ
http://securityreason.com/securityalert/1771 third-party-advisory x_refsource_SREASON
http://www.securityfocus.com/bid/20627 vdb-entry x_refsource_BID
http://www.osvdb.org/29893 vdb-entry x_refsource_OSVDB
http://www.hardened-php.net/advisory_112006.136.html x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/29695 vdb-entry x_refsource_XF
http://secunia.com/advisories/22501 third-party-advisory x_refsource_SECUNIA
http://securitytracker.com/id?1017100 vdb-entry x_refsource_SECTRACK
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html mailing-list x_refsource_FULLDISC
http://www.s9y.org/forums/viewtopic.php?t=7356 x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4135 vdb-entry x_refsource_VUPEN

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:52.926Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded"
          },
          {
            "name": "1771",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1771"
          },
          {
            "name": "20627",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20627"
          },
          {
            "name": "29893",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29893"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.hardened-php.net/advisory_112006.136.html"
          },
          {
            "name": "serendipity-admin-xss(29695)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695"
          },
          {
            "name": "22501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22501"
          },
          {
            "name": "1017100",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017100"
          },
          {
            "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.s9y.org/forums/viewtopic.php?t=7356"
          },
          {
            "name": "ADV-2006-4135",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4135"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded"
        },
        {
          "name": "1771",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1771"
        },
        {
          "name": "20627",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20627"
        },
        {
          "name": "29893",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29893"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.hardened-php.net/advisory_112006.136.html"
        },
        {
          "name": "serendipity-admin-xss(29695)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695"
        },
        {
          "name": "22501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22501"
        },
        {
          "name": "1017100",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017100"
        },
        {
          "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.s9y.org/forums/viewtopic.php?t=7356"
        },
        {
          "name": "ADV-2006-4135",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4135"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5499",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded"
            },
            {
              "name": "1771",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1771"
            },
            {
              "name": "20627",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20627"
            },
            {
              "name": "29893",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/29893"
            },
            {
              "name": "http://www.hardened-php.net/advisory_112006.136.html",
              "refsource": "MISC",
              "url": "http://www.hardened-php.net/advisory_112006.136.html"
            },
            {
              "name": "serendipity-admin-xss(29695)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695"
            },
            {
              "name": "22501",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22501"
            },
            {
              "name": "1017100",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017100"
            },
            {
              "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html"
            },
            {
              "name": "http://www.s9y.org/forums/viewtopic.php?t=7356",
              "refsource": "CONFIRM",
              "url": "http://www.s9y.org/forums/viewtopic.php?t=7356"
            },
            {
              "name": "ADV-2006-4135",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4135"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5499",
    "datePublished": "2006-10-25T10:00:00",
    "dateReserved": "2006-10-24T00:00:00",
    "dateUpdated": "2024-08-07T19:55:52.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2008-1476

Vulnerability from fkie_nvd - Published: 2008-03-24 22:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A7F03F-B208-42CB-9C92-D6C91B5A0B63",
              "versionEndIncluding": "1.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E76BF9-E517-4F90-8BF0-E9778ADB8EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCD05A9E-1ADA-493A-8B4A-42CF6B0799B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD95BE08-FE15-4003-A7A8-66ED5FFA1F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B643749-7042-4E0E-AA43-B393067C689D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "75E0E8DF-38CD-405C-AB70-915A03FD4990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65197FD8-6DA6-41F6-8187-9D76308D9E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "712D208E-D70C-48FF-BDA8-BDFB78415305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "048A793F-A64E-486A-95CF-17DA2F6FBF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7388332D-10CE-439A-AA1B-E03AA6786CEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2BE6D0-0EA7-4764-8A98-7BE7D3F80C80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2C16D1-3708-4EB9-8CFC-58BE57AF11EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAE60E47-6660-4ABF-B77D-63D517ABC481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D22A37CD-4F71-42E6-8E30-6C9815068C20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15A336BA-698D-4F93-BCBA-63693E50823E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C78FB439-F70B-4EE1-B026-BCCFA3D94D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2ED0DF-DEAD-497A-A6E4-0E861AF3C0B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA8A0A3E-BAC6-4338-A026-129048532322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B42960D-8880-4DD9-A8BA-8D9D34E1C568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C7F0EC2-8A5F-45A0-A557-E831B94BE3A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0223CA41-2914-43B5-B768-AF18A9B3815D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB35A49-9FF9-4F53-B5E9-F7AB6300CADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA8A071-CB09-4269-8606-823B32207BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26AA8798-E46D-4F91-ABFF-B1842275D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6D2694B-E9C3-49E5-83C2-53138CDFAA43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "727E6C9A-C6F0-41C3-B4DA-AED1F22E5111",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Serendipity (S9Y) antes de 1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados relacionados con trackbacks recibidos."
    }
  ],
  "id": "CVE-2008-1476",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-03-24T22:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29398"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29502"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1528"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28298"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0925/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0925/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2007-6390

Vulnerability from fkie_nvd - Published: 2007-12-17 18:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page.
Impacted products
Vendor Product Version
serendipity serendipity *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FE5C8B2-0669-41A6-9C03-15746EAD922D",
              "versionEndIncluding": "0.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el plugin mycalendar versiones anteriores a 0.13 para Serendipity, permite a los atacantes remotos realizar acciones como administradores de blogs, que pueden ser aprovechadas para conducir ataques de tipo cross-site scripting (XSS) en la p\u00e1gina blog."
    }
  ],
  "id": "CVE-2007-6390",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-12-17T18:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28152"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26955"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2007-4282

Vulnerability from fkie_nvd - Published: 2007-08-09 21:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked.
Impacted products
Vendor Product Version
serendipity serendipity 1.1.3

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26AA8798-E46D-4F91-ABFF-B1842275D844",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n de \"Propiedades extendidas de entrada\" (entryproperties) en el serendipity_event_entryproperties.php del Serendipity 1.1.3 permite a atacantes remotos autenticados, evitar la protecci\u00f3n de la contrase\u00f1a y \"establecer una configuraci\u00f3n de las entryproperties a medida en el Serendipity Frontend\" a trav\u00e9s de ciertas peticiones que modifican si la contrase\u00f1a ha sido validada."
    }
  ],
  "id": "CVE-2007-4282",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-09T21:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/36534"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26347"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25235"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/36534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26347"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/forum/forum.php?forum_id=722867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2007-1326

Vulnerability from fkie_nvd - Published: 2007-03-07 21:19 - Updated: 2025-04-09 00:30

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB35A49-9FF9-4F53-B5E9-F7AB6300CADA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en index.php de Serendipity 1.1.1 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro [multiCat][]."
    }
  ],
  "id": "CVE-2007-1326",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-07T21:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34935"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2383"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2006-5499

Vulnerability from fkie_nvd - Published: 2006-10-25 10:07 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
References
cve@mitre.org http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html
cve@mitre.org http://secunia.com/advisories/22501 - Patch, Vendor Advisory
cve@mitre.org http://securityreason.com/securityalert/1771
cve@mitre.org http://securitytracker.com/id?1017100
cve@mitre.org http://www.hardened-php.net/advisory_112006.136.html
cve@mitre.org http://www.osvdb.org/29893
cve@mitre.org http://www.s9y.org/forums/viewtopic.php?t=7356
cve@mitre.org http://www.securityfocus.com/archive/1/449189/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/20627
cve@mitre.org http://www.vupen.com/english/advisories/2006/4135
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/29695
af854a3a-2127-422b-91ae-364da2661108 http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/22501 - Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securityreason.com/securityalert/1771
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1017100
af854a3a-2127-422b-91ae-364da2661108 http://www.hardened-php.net/advisory_112006.136.html
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/29893
af854a3a-2127-422b-91ae-364da2661108 http://www.s9y.org/forums/viewtopic.php?t=7356
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/449189/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/20627
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2006/4135
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/29695
Impacted products
Vendor Product Version
serendipity serendipity * (up to and including 1.0.1)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:serendipity:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C8D2FF0-97FB-414D-96C6-86DD09CAAD1A",
              "versionEndIncluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en secuencias de comandos en sitios cruzados (XSS) en Serendipity (s9y) 1.0.1 y anteriores, permite a atacantes remotos la inyecci\u00f3n de secuencias de comandos Web o HTML de su elecci\u00f3n, a trav\u00e9s de vectores no especificados en la p\u00e1gina del administrador del gestor de media."
    }
  ],
  "id": "CVE-2006-5499",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-25T10:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22501"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1771"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017100"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.hardened-php.net/advisory_112006.136.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/29893"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.s9y.org/forums/viewtopic.php?t=7356"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20627"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4135"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.hardened-php.net/advisory_112006.136.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/29893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.s9y.org/forums/viewtopic.php?t=7356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}