Vulnerabilities related to s9y - serendipity
cve-2012-2762
Vulnerability from cvelistv5
Published
2012-06-07 19:00
Modified
2024-08-06 19:42
Severity ?
Summary
SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:42:32.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "82036",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/82036"
          },
          {
            "name": "53620",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53620"
          },
          {
            "name": "49234",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49234"
          },
          {
            "name": "serendipity-trackbacksinc-sql-injection(75760)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75760"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23092"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html"
          },
          {
            "name": "1027079",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027079"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/commit/87153991d06bc18fe4af05f97810487c4a340a92#diff-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "82036",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/82036"
        },
        {
          "name": "53620",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53620"
        },
        {
          "name": "49234",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49234"
        },
        {
          "name": "serendipity-trackbacksinc-sql-injection(75760)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75760"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23092"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html"
        },
        {
          "name": "1027079",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027079"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/s9y/Serendipity/commit/87153991d06bc18fe4af05f97810487c4a340a92#diff-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2762",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "82036",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/82036"
            },
            {
              "name": "53620",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53620"
            },
            {
              "name": "49234",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49234"
            },
            {
              "name": "serendipity-trackbacksinc-sql-injection(75760)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75760"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23092",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23092"
            },
            {
              "name": "http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html"
            },
            {
              "name": "1027079",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027079"
            },
            {
              "name": "https://github.com/s9y/Serendipity/commit/87153991d06bc18fe4af05f97810487c4a340a92#diff-1",
              "refsource": "CONFIRM",
              "url": "https://github.com/s9y/Serendipity/commit/87153991d06bc18fe4af05f97810487c4a340a92#diff-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-2762",
    "datePublished": "2012-06-07T19:00:00",
    "dateReserved": "2012-05-18T00:00:00",
    "dateUpdated": "2024-08-06T19:42:32.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-6968
Vulnerability from cvelistv5
Published
2015-09-16 14:00
Modified
2024-09-16 16:27
Severity ?
Summary
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:36:34.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150902 Serendipity 2.0.1 - Code Execution",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Sep/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.curesec.com/article/blog/Serendipity-201-Code-Execution-48.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/133426/Serendipity-2.0.1-Shell-Upload.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-09-16T14:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20150902 Serendipity 2.0.1 - Code Execution",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Sep/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.curesec.com/article/blog/Serendipity-201-Code-Execution-48.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/133426/Serendipity-2.0.1-Shell-Upload.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6968",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150902 Serendipity 2.0.1 - Code Execution",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Sep/6"
            },
            {
              "name": "http://blog.curesec.com/article/blog/Serendipity-201-Code-Execution-48.html",
              "refsource": "MISC",
              "url": "http://blog.curesec.com/article/blog/Serendipity-201-Code-Execution-48.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/133426/Serendipity-2.0.1-Shell-Upload.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/133426/Serendipity-2.0.1-Shell-Upload.html"
            },
            {
              "name": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6968",
    "datePublished": "2015-09-16T14:00:00Z",
    "dateReserved": "2015-09-16T00:00:00Z",
    "dateUpdated": "2024-09-16T16:27:59.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-2158
Vulnerability from cvelistv5
Published
2005-07-10 04:00
Modified
2024-08-08 01:15
Severity ?
Summary
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
References
http://www.securityfocus.com/bid/11269 - vdb-entry, x_refsource_BID
http://securitytracker.com/id?1011448 - vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/12673/ - third-party-advisory, x_refsource_SECUNIA
http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html - mailing-list, x_refsource_FULLDISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/17533 - vdb-entry, x_refsource_XF
http://www.osvdb.org/10371 - vdb-entry, x_refsource_OSVDB
http://www.osvdb.org/10370 - vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:15:01.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "11269",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11269"
          },
          {
            "name": "1011448",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1011448"
          },
          {
            "name": "12673",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12673/"
          },
          {
            "name": "20040928 Serendipity 0.7-beta1 SQL Injection PoC",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html"
          },
          {
            "name": "serendipity-sql-injection(17533)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17533"
          },
          {
            "name": "10371",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/10371"
          },
          {
            "name": "10370",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/10370"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "11269",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11269"
        },
        {
          "name": "1011448",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1011448"
        },
        {
          "name": "12673",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12673/"
        },
        {
          "name": "20040928 Serendipity 0.7-beta1 SQL Injection PoC",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html"
        },
        {
          "name": "serendipity-sql-injection(17533)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17533"
        },
        {
          "name": "10371",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/10371"
        },
        {
          "name": "10370",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/10370"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2158",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "11269",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11269"
            },
            {
              "name": "1011448",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1011448"
            },
            {
              "name": "12673",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12673/"
            },
            {
              "name": "20040928 Serendipity 0.7-beta1 SQL Injection PoC",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html"
            },
            {
              "name": "serendipity-sql-injection(17533)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17533"
            },
            {
              "name": "10371",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/10371"
            },
            {
              "name": "10370",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/10370"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2158",
    "datePublished": "2005-07-10T04:00:00",
    "dateReserved": "2005-07-10T00:00:00",
    "dateUpdated": "2024-08-08T01:15:01.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10964
Vulnerability from cvelistv5
Published
2020-03-25 21:53
Modified
2024-08-04 11:21
Severity ?
Summary
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.004Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/releases/tag/2.3.4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-25T21:53:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/s9y/Serendipity/releases/tag/2.3.4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10964",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html",
              "refsource": "MISC",
              "url": "https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html"
            },
            {
              "name": "https://github.com/s9y/Serendipity/releases/tag/2.3.4",
              "refsource": "MISC",
              "url": "https://github.com/s9y/Serendipity/releases/tag/2.3.4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10964",
    "datePublished": "2020-03-25T21:53:01",
    "dateReserved": "2020-03-25T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.004Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10737
Vulnerability from cvelistv5
Published
2019-01-16 04:00
Modified
2024-09-17 00:01
Severity ?
Summary
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
References
https://www.exploit-db.com/exploits/40650 - exploit, x_refsource_EXPLOIT-DB
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:30:20.144Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40650",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40650"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-16T04:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "40650",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40650"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10737",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40650",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40650"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10737",
    "datePublished": "2019-01-16T04:00:00Z",
    "dateReserved": "2019-01-15T00:00:00Z",
    "dateUpdated": "2024-09-17T00:01:41.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-3129
Vulnerability from cvelistv5
Published
2005-10-04 04:00
Modified
2024-08-07 23:01
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php.
References
http://marc.info/?l=bugtraq&m=112801570631203&w=2 [mailing-list, x_refsource_BUGTRAQ]
http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037580.html [mailing-list, x_refsource_FULLDISC]
http://secunia.com/advisories/17011/ [third-party-advisory, x_refsource_SECUNIA]
https://exchange.xforce.ibmcloud.com/vulnerabilities/22456 [vdb-entry, x_refsource_XF]
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:01:58.173Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20050929 Serendipity: Account Hijacking / CSRF Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=112801570631203\u0026w=2"
          },
          {
            "name": "20050929 Serendipity: Account Hijacking / CSRF Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037580.html"
          },
          {
            "name": "17011",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17011/"
          },
          {
            "name": "serendipity-xs-request-forgery(22456)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22456"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20050929 Serendipity: Account Hijacking / CSRF Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=112801570631203\u0026w=2"
        },
        {
          "name": "20050929 Serendipity: Account Hijacking / CSRF Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037580.html"
        },
        {
          "name": "17011",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17011/"
        },
        {
          "name": "serendipity-xs-request-forgery(22456)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22456"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3129",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20050929 Serendipity: Account Hijacking / CSRF Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=112801570631203\u0026w=2"
            },
            {
              "name": "20050929 Serendipity: Account Hijacking / CSRF Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037580.html"
            },
            {
              "name": "17011",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17011/"
            },
            {
              "name": "serendipity-xs-request-forgery(22456)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22456"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3129",
    "datePublished": "2005-10-04T04:00:00",
    "dateReserved": "2005-10-04T00:00:00",
    "dateUpdated": "2024-08-07T23:01:58.173Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-5476
Vulnerability from cvelistv5
Published
2017-01-14 06:56
Modified
2024-08-05 15:04
Severity ?
Summary
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
References
https://github.com/s9y/Serendipity/issues/439 [x_refsource_CONFIRM]
http://www.securityfocus.com/bid/95659 [vdb-entry, x_refsource_BID]
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:04:14.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/issues/439"
          },
          {
            "name": "95659",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95659"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-20T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/s9y/Serendipity/issues/439"
        },
        {
          "name": "95659",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95659"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5476",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/s9y/Serendipity/issues/439",
              "refsource": "CONFIRM",
              "url": "https://github.com/s9y/Serendipity/issues/439"
            },
            {
              "name": "95659",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95659"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-5476",
    "datePublished": "2017-01-14T06:56:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T15:04:14.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2957
Vulnerability from cvelistv5
Published
2010-09-10 17:00
Modified
2024-09-17 02:31
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:45.485Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20100829 CVE request: serendipity \u003c 1.5.4 xss",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/08/29/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html"
          },
          {
            "name": "[oss-security] 20100831 Re: CVE request: serendipity \u003c 1.5.4 xss",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/08/31/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when \"Remember me\" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-09-10T17:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20100829 CVE request: serendipity \u003c 1.5.4 xss",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/08/29/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html"
        },
        {
          "name": "[oss-security] 20100831 Re: CVE request: serendipity \u003c 1.5.4 xss",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/08/31/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-2957",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when \"Remember me\" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20100829 CVE request: serendipity \u003c 1.5.4 xss",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/08/29/3"
            },
            {
              "name": "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html"
            },
            {
              "name": "[oss-security] 20100831 Re: CVE request: serendipity \u003c 1.5.4 xss",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/08/31/5"
            },
            {
              "name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html",
              "refsource": "MISC",
              "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2957",
    "datePublished": "2010-09-10T17:00:00Z",
    "dateReserved": "2010-08-04T00:00:00Z",
    "dateUpdated": "2024-09-17T02:31:48.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1386
Vulnerability from cvelistv5
Published
2008-04-23 10:00
Modified
2024-08-07 08:17
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue might be limited.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:17:34.678Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
          },
          {
            "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
          },
          {
            "name": "28885",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28885"
          },
          {
            "name": "ADV-2008-1348",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1348/references"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://int21.de/cve/CVE-2008-1386-s9y.html"
          },
          {
            "name": "1019915",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019915"
          },
          {
            "name": "serendipity-installer-xss(41967)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field.  NOTE: the timing window for exploitation of this issue might be limited."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
        },
        {
          "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
        },
        {
          "name": "28885",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28885"
        },
        {
          "name": "ADV-2008-1348",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1348/references"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://int21.de/cve/CVE-2008-1386-s9y.html"
        },
        {
          "name": "1019915",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019915"
        },
        {
          "name": "serendipity-installer-xss(41967)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1386",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field.  NOTE: the timing window for exploitation of this issue might be limited."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
            },
            {
              "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
            },
            {
              "name": "28885",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28885"
            },
            {
              "name": "ADV-2008-1348",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1348/references"
            },
            {
              "name": "http://int21.de/cve/CVE-2008-1386-s9y.html",
              "refsource": "MISC",
              "url": "http://int21.de/cve/CVE-2008-1386-s9y.html"
            },
            {
              "name": "1019915",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019915"
            },
            {
              "name": "serendipity-installer-xss(41967)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41967"
            },
            {
              "name": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1386",
    "datePublished": "2008-04-23T10:00:00",
    "dateReserved": "2008-03-18T00:00:00",
    "dateUpdated": "2024-08-07T08:17:34.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-3800
Vulnerability from cvelistv5
Published
2011-09-24 00:00
Modified
2024-09-17 01:26
Severity ?
Summary
Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:46:03.026Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/serendipity-1.5.5"
          },
          {
            "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-24T00:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/serendipity-1.5.5"
        },
        {
          "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3800",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/serendipity-1.5.5",
              "refsource": "MISC",
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/serendipity-1.5.5"
            },
            {
              "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
            },
            {
              "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
              "refsource": "MISC",
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3800",
    "datePublished": "2011-09-24T00:00:00Z",
    "dateReserved": "2011-09-23T00:00:00Z",
    "dateUpdated": "2024-09-17T01:26:27.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1134
Vulnerability from cvelistv5
Published
2005-04-16 04:00
Modified
2024-08-07 21:35
Severity ?
Summary
SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.
References
http://www.s9y.org/5.html (x_refsource_CONFIRM)
http://www.osvdb.org/15542 (vdb-entry, x_refsource_OSVDB)
http://seclists.org/lists/bugtraq/2005/Apr/0195.html (mailing-list, x_refsource_BUGTRAQ)
http://secunia.com/advisories/15145 (third-party-advisory, x_refsource_SECUNIA)
http://www.s9y.org/63.html#A9 (x_refsource_CONFIRM)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20119 (vdb-entry, x_refsource_XF)
http://securitytracker.com/id?1013699 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/bid/13161 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:35:59.958Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.s9y.org/5.html"
          },
          {
            "name": "15542",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/15542"
          },
          {
            "name": "20050413 serendipity SQL Injection vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/lists/bugtraq/2005/Apr/0195.html"
          },
          {
            "name": "15145",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15145"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.s9y.org/63.html#A9"
          },
          {
            "name": "serendipity-urlid-entryid-sql-injection(20119)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20119"
          },
          {
            "name": "1013699",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013699"
          },
          {
            "name": "13161",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13161"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.s9y.org/5.html"
        },
        {
          "name": "15542",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/15542"
        },
        {
          "name": "20050413 serendipity SQL Injection vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/lists/bugtraq/2005/Apr/0195.html"
        },
        {
          "name": "15145",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15145"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.s9y.org/63.html#A9"
        },
        {
          "name": "serendipity-urlid-entryid-sql-injection(20119)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20119"
        },
        {
          "name": "1013699",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013699"
        },
        {
          "name": "13161",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13161"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1134",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.s9y.org/5.html",
              "refsource": "CONFIRM",
              "url": "http://www.s9y.org/5.html"
            },
            {
              "name": "15542",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/15542"
            },
            {
              "name": "20050413 serendipity SQL Injection vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/lists/bugtraq/2005/Apr/0195.html"
            },
            {
              "name": "15145",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15145"
            },
            {
              "name": "http://www.s9y.org/63.html#A9",
              "refsource": "CONFIRM",
              "url": "http://www.s9y.org/63.html#A9"
            },
            {
              "name": "serendipity-urlid-entryid-sql-injection(20119)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20119"
            },
            {
              "name": "1013699",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013699"
            },
            {
              "name": "13161",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/13161"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1134",
    "datePublished": "2005-04-16T04:00:00",
    "dateReserved": "2005-04-16T00:00:00",
    "dateUpdated": "2024-08-07T21:35:59.958Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-8603
Vulnerability from cvelistv5
Published
2016-01-12 19:00
Modified
2024-08-06 08:20
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:20:43.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160107 Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/537248/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/135164/Serendipity-2.0.2-Cross-Site-Scripting.html"
          },
          {
            "name": "20160108 Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Jan/18"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/266-Serendipity-2.0.3-released.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an \"edit\" admin action to serendipity_admin.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20160107 Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/537248/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/135164/Serendipity-2.0.2-Cross-Site-Scripting.html"
        },
        {
          "name": "20160108 Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Jan/18"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/266-Serendipity-2.0.3-released.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8603",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an \"edit\" admin action to serendipity_admin.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160107 Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/537248/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/135164/Serendipity-2.0.2-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/135164/Serendipity-2.0.2-Cross-Site-Scripting.html"
            },
            {
              "name": "20160108 Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Jan/18"
            },
            {
              "name": "http://blog.s9y.org/archives/266-Serendipity-2.0.3-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/266-Serendipity-2.0.3-released.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8603",
    "datePublished": "2016-01-12T19:00:00",
    "dateReserved": "2015-12-17T00:00:00",
    "dateUpdated": "2024-08-06T08:20:43.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1620
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
Summary
CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:00:37.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20041021 HTTP Response Splitting in Serendipity 0.7-beta4",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109841283115808\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.s9y.org/5.html"
          },
          {
            "name": "11497",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11497"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10\u0026view=markup"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52\u0026view=markup"
          },
          {
            "name": "serendipity-response-splitting(17798)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17798"
          },
          {
            "name": "11039",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/11039"
          },
          {
            "name": "1011864",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1011864"
          },
          {
            "name": "11038",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/11038"
          },
          {
            "name": "12909",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12909/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=276694"
          },
          {
            "name": "11013",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/11013"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49\u0026view=markup"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-10-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20041021 HTTP Response Splitting in Serendipity 0.7-beta4",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109841283115808\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.s9y.org/5.html"
        },
        {
          "name": "11497",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11497"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10\u0026view=markup"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52\u0026view=markup"
        },
        {
          "name": "serendipity-response-splitting(17798)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17798"
        },
        {
          "name": "11039",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/11039"
        },
        {
          "name": "1011864",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1011864"
        },
        {
          "name": "11038",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/11038"
        },
        {
          "name": "12909",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12909/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=276694"
        },
        {
          "name": "11013",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/11013"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49\u0026view=markup"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1620",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20041021 HTTP Response Splitting in Serendipity 0.7-beta4",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=109841283115808\u0026w=2"
            },
            {
              "name": "http://www.s9y.org/5.html",
              "refsource": "CONFIRM",
              "url": "http://www.s9y.org/5.html"
            },
            {
              "name": "11497",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11497"
            },
            {
              "name": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10\u0026view=markup",
              "refsource": "CONFIRM",
              "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10\u0026view=markup"
            },
            {
              "name": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52\u0026view=markup",
              "refsource": "CONFIRM",
              "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52\u0026view=markup"
            },
            {
              "name": "serendipity-response-splitting(17798)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17798"
            },
            {
              "name": "11039",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/11039"
            },
            {
              "name": "1011864",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1011864"
            },
            {
              "name": "11038",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/11038"
            },
            {
              "name": "12909",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12909/"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=276694",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=276694"
            },
            {
              "name": "11013",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/11013"
            },
            {
              "name": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49\u0026view=markup",
              "refsource": "CONFIRM",
              "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49\u0026view=markup"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1620",
    "datePublished": "2005-02-20T05:00:00",
    "dateReserved": "2005-02-20T00:00:00",
    "dateUpdated": "2024-08-08T01:00:37.048Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-5609
Vulnerability from cvelistv5
Published
2017-01-28 18:00
Modified
2024-08-05 15:04
Severity ?
Summary
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:04:15.328Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95850",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95850"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/releases/tag/2.1-rc1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "95850",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95850"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/s9y/Serendipity/releases/tag/2.1-rc1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5609",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95850",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95850"
            },
            {
              "name": "https://github.com/s9y/Serendipity/releases/tag/2.1-rc1",
              "refsource": "CONFIRM",
              "url": "https://github.com/s9y/Serendipity/releases/tag/2.1-rc1"
            },
            {
              "name": "https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6",
              "refsource": "CONFIRM",
              "url": "https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-5609",
    "datePublished": "2017-01-28T18:00:00",
    "dateReserved": "2017-01-28T00:00:00",
    "dateUpdated": "2024-08-05T15:04:15.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5314
Vulnerability from cvelistv5
Published
2013-08-19 20:00
Modified
2024-09-17 00:35
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:06:52.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mavitunasecurity.com/xss-vulnerabilities-in-serendipity"
          },
          {
            "name": "20130719 Re: [Full-disclosure] XSS Vulnerabilities in Serendipity",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0135.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-08-19T20:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mavitunasecurity.com/xss-vulnerabilities-in-serendipity"
        },
        {
          "name": "20130719 Re: [Full-disclosure] XSS Vulnerabilities in Serendipity",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0135.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5314",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mavitunasecurity.com/xss-vulnerabilities-in-serendipity",
              "refsource": "MISC",
              "url": "https://www.mavitunasecurity.com/xss-vulnerabilities-in-serendipity"
            },
            {
              "name": "20130719 Re: [Full-disclosure] XSS Vulnerabilities in Serendipity",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0135.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5314",
    "datePublished": "2013-08-19T20:00:00Z",
    "dateReserved": "2013-08-19T00:00:00Z",
    "dateUpdated": "2024-09-17T00:35:57.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-6969
Vulnerability from cvelistv5
Published
2015-09-16 14:00
Modified
2024-09-16 23:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:36:34.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.curesec.com/article/blog/Serendipity-201-Persistent-XSS-51.html"
          },
          {
            "name": "20150902 Serendipity 2.0.1 - Persistent XSS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Sep/9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/133427/Serendipity-2.0.1-Cross-Site-Scripting.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-09-16T14:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.curesec.com/article/blog/Serendipity-201-Persistent-XSS-51.html"
        },
        {
          "name": "20150902 Serendipity 2.0.1 - Persistent XSS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Sep/9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/133427/Serendipity-2.0.1-Cross-Site-Scripting.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6969",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blog.curesec.com/article/blog/Serendipity-201-Persistent-XSS-51.html",
              "refsource": "MISC",
              "url": "http://blog.curesec.com/article/blog/Serendipity-201-Persistent-XSS-51.html"
            },
            {
              "name": "20150902 Serendipity 2.0.1 - Persistent XSS",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Sep/9"
            },
            {
              "name": "http://packetstormsecurity.com/files/133427/Serendipity-2.0.1-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/133427/Serendipity-2.0.1-Cross-Site-Scripting.html"
            },
            {
              "name": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6969",
    "datePublished": "2015-09-16T14:00:00Z",
    "dateReserved": "2015-09-16T00:00:00Z",
    "dateUpdated": "2024-09-16T23:41:52.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-6943
Vulnerability from cvelistv5
Published
2015-09-15 18:00
Modified
2024-08-06 07:36
Severity ?
Summary
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:36:34.518Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150902 Serendipity 2.0.1 - Blind SQL Injection",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Sep/10"
          },
          {
            "name": "1033558",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033558"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/133428/Serendipity-2.0.1-Blind-SQL-Injection.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.curesec.com/article/blog/Serendipity-201-Blind-SQL-Injection-52.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when \"Use Tokens for Comment Moderation\" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-20T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20150902 Serendipity 2.0.1 - Blind SQL Injection",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Sep/10"
        },
        {
          "name": "1033558",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033558"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/133428/Serendipity-2.0.1-Blind-SQL-Injection.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.curesec.com/article/blog/Serendipity-201-Blind-SQL-Injection-52.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6943",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when \"Use Tokens for Comment Moderation\" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150902 Serendipity 2.0.1 - Blind SQL Injection",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Sep/10"
            },
            {
              "name": "1033558",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033558"
            },
            {
              "name": "http://packetstormsecurity.com/files/133428/Serendipity-2.0.1-Blind-SQL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/133428/Serendipity-2.0.1-Blind-SQL-Injection.html"
            },
            {
              "name": "http://blog.curesec.com/article/blog/Serendipity-201-Blind-SQL-Injection-52.html",
              "refsource": "MISC",
              "url": "http://blog.curesec.com/article/blog/Serendipity-201-Blind-SQL-Injection-52.html"
            },
            {
              "name": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6943",
    "datePublished": "2015-09-15T18:00:00",
    "dateReserved": "2015-09-15T00:00:00",
    "dateUpdated": "2024-08-06T07:36:34.518Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1452
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-08-07 21:51
Severity ?
Summary
Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."
References
http://secunia.com/advisories/15145 (third-party-advisory, x_refsource_SECUNIA)
http://www.s9y.org/63.html#A9 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:51:50.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "15145",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15145"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.s9y.org/63.html#A9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Serendipity before 0.8 allows Chief users to \"hide plugins installed by other users.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-15T16:41:51",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "15145",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15145"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.s9y.org/63.html#A9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1452",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Serendipity before 0.8 allows Chief users to \"hide plugins installed by other users.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15145",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15145"
            },
            {
              "name": "http://www.s9y.org/63.html#A9",
              "refsource": "CONFIRM",
              "url": "http://www.s9y.org/63.html#A9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1452",
    "datePublished": "2005-05-03T04:00:00",
    "dateReserved": "2005-05-03T00:00:00",
    "dateUpdated": "2024-08-07T21:51:50.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1134
Vulnerability from cvelistv5
Published
2019-11-05 20:07
Modified
2024-08-06 22:14
Severity ?
Summary
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:27.936Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
          },
          {
            "name": "611661",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
          },
          {
            "name": "CVE-2011-1134",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2011-1134"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-05T20:07:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
        },
        {
          "name": "611661",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
        },
        {
          "name": "CVE-2011-1134",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2011-1134"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1134",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html",
              "refsource": "CONFIRM",
              "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2011/03/02/5",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
            },
            {
              "name": "611661",
              "refsource": "DEBIAN",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
            },
            {
              "name": "CVE-2011-1134",
              "refsource": "SECTRACK",
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-1134"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1134",
    "datePublished": "2019-11-05T20:07:15",
    "dateReserved": "2011-03-02T00:00:00",
    "dateUpdated": "2024-08-06T22:14:27.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-9432
Vulnerability from cvelistv5
Published
2014-12-31 22:00
Modified
2024-08-06 13:47
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:40.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html"
          },
          {
            "name": "serendipity-index-xss(99464)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99464"
          },
          {
            "name": "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534315/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html"
          },
          {
            "name": "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/108"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html"
        },
        {
          "name": "serendipity-index-xss(99464)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99464"
        },
        {
          "name": "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534315/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html"
        },
        {
          "name": "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/108"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9432",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html"
            },
            {
              "name": "serendipity-index-xss(99464)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99464"
            },
            {
              "name": "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534315/100/0/threaded"
            },
            {
              "name": "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html"
            },
            {
              "name": "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html",
              "refsource": "MISC",
              "url": "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html"
            },
            {
              "name": "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/108"
            },
            {
              "name": "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b",
              "refsource": "CONFIRM",
              "url": "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9432",
    "datePublished": "2014-12-31T22:00:00",
    "dateReserved": "2014-12-31T00:00:00",
    "dateUpdated": "2024-08-06T13:47:40.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-2495
Vulnerability from cvelistv5
Published
2006-05-20 02:59
Modified
2024-08-07 17:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:51:04.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=414920\u0026group_id=75065"
          },
          {
            "name": "20155",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20155"
          },
          {
            "name": "ADV-2006-1855",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1855"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-26T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=414920\u0026group_id=75065"
        },
        {
          "name": "20155",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20155"
        },
        {
          "name": "ADV-2006-1855",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1855"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=414920\u0026group_id=75065",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=414920\u0026group_id=75065"
            },
            {
              "name": "20155",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20155"
            },
            {
              "name": "ADV-2006-1855",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1855"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2495",
    "datePublished": "2006-05-20T02:59:00",
    "dateReserved": "2006-05-19T00:00:00",
    "dateUpdated": "2024-08-07T17:51:04.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10752
Vulnerability from cvelistv5
Published
2019-05-24 17:40
Modified
2024-08-06 03:30
Severity ?
Summary
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:30:20.311Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.ripstech.com/2016/serendipity-from-file-upload-to-code-execution/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://demo.ripstech.com/projects/serendipity_2.0.3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by \"php\" as a filename."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-24T17:40:22",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.ripstech.com/2016/serendipity-from-file-upload-to-code-execution/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://demo.ripstech.com/projects/serendipity_2.0.3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10752",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by \"php\" as a filename."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.ripstech.com/2016/serendipity-from-file-upload-to-code-execution/",
              "refsource": "MISC",
              "url": "https://blog.ripstech.com/2016/serendipity-from-file-upload-to-code-execution/"
            },
            {
              "name": "https://demo.ripstech.com/projects/serendipity_2.0.3",
              "refsource": "MISC",
              "url": "https://demo.ripstech.com/projects/serendipity_2.0.3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10752",
    "datePublished": "2019-05-24T17:40:22",
    "dateReserved": "2019-05-24T00:00:00",
    "dateUpdated": "2024-08-06T03:30:20.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-1916
Vulnerability from cvelistv5
Published
2010-05-12 00:00
Modified
2024-08-07 02:17
Severity ?
Summary
The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:12.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591701"
          },
          {
            "name": "ADV-2010-1401",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1401"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html"
          },
          {
            "name": "40124",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40124"
          },
          {
            "name": "39782",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39782"
          },
          {
            "name": "40033",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40033"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://trac.xinha.org/ticket/1518"
          },
          {
            "name": "FEDORA-2010-9320",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the \"Deprecated config passing\" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function.  NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-04-30T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591701"
        },
        {
          "name": "ADV-2010-1401",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1401"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html"
        },
        {
          "name": "40124",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40124"
        },
        {
          "name": "39782",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39782"
        },
        {
          "name": "40033",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40033"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://trac.xinha.org/ticket/1518"
        },
        {
          "name": "FEDORA-2010-9320",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1916",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the \"Deprecated config passing\" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function.  NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=591701",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591701"
            },
            {
              "name": "ADV-2010-1401",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1401"
            },
            {
              "name": "http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html",
              "refsource": "MISC",
              "url": "http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html"
            },
            {
              "name": "40124",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40124"
            },
            {
              "name": "39782",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39782"
            },
            {
              "name": "40033",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40033"
            },
            {
              "name": "http://trac.xinha.org/ticket/1518",
              "refsource": "CONFIRM",
              "url": "http://trac.xinha.org/ticket/1518"
            },
            {
              "name": "FEDORA-2010-9320",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html"
            },
            {
              "name": "http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html",
              "refsource": "MISC",
              "url": "http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1916",
    "datePublished": "2010-05-12T00:00:00",
    "dateReserved": "2010-05-11T00:00:00",
    "dateUpdated": "2024-08-07T02:17:12.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1448
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-08-07 21:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
http://www.securityfocus.com/bid/13411 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/15145 (third-party-advisory, x_refsource_SECUNIA)
http://www.osvdb.org/15876 (vdb-entry, x_refsource_OSVDB)
http://www.s9y.org/63.html#A9 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:51:49.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "13411",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13411"
          },
          {
            "name": "15145",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15145"
          },
          {
            "name": "15876",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/15876"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.s9y.org/63.html#A9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-15T16:41:37",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "13411",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13411"
        },
        {
          "name": "15145",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15145"
        },
        {
          "name": "15876",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/15876"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.s9y.org/63.html#A9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "13411",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/13411"
            },
            {
              "name": "15145",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15145"
            },
            {
              "name": "15876",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/15876"
            },
            {
              "name": "http://www.s9y.org/63.html#A9",
              "refsource": "CONFIRM",
              "url": "http://www.s9y.org/63.html#A9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1448",
    "datePublished": "2005-05-03T04:00:00",
    "dateReserved": "2005-05-03T00:00:00",
    "dateUpdated": "2024-08-07T21:51:49.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4090
Vulnerability from cvelistv5
Published
2019-11-26 04:09
Modified
2024-08-06 23:53
Severity ?
Summary
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
Impacted products
Vendor Product Version
serendipity serendipity Version: before 1.6


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:53:32.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2011-4090"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/oss-sec/2011/q4/176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "serendipity",
          "vendor": "serendipity",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-26T04:09:48",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2011-4090"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/oss-sec/2011/q4/176"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-4090",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "serendipity",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "serendipity"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2011-4090",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
            },
            {
              "name": "https://access.redhat.com/security/cve/cve-2011-4090",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/cve/cve-2011-4090"
            },
            {
              "name": "https://seclists.org/oss-sec/2011/q4/176",
              "refsource": "MISC",
              "url": "https://seclists.org/oss-sec/2011/q4/176"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4090",
    "datePublished": "2019-11-26T04:09:48",
    "dateReserved": "2011-10-18T00:00:00",
    "dateUpdated": "2024-08-06T23:53:32.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-5474
Vulnerability from cvelistv5
Published
2017-01-14 06:56
Modified
2024-08-05 15:04
Severity ?
Summary
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:04:14.710Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd"
          },
          {
            "name": "95652",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95652"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-20T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd"
        },
        {
          "name": "95652",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95652"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5474",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd",
              "refsource": "CONFIRM",
              "url": "https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd"
            },
            {
              "name": "95652",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95652"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-5474",
    "datePublished": "2017-01-14T06:56:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T15:04:14.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-8101
Vulnerability from cvelistv5
Published
2017-04-24 18:00
Modified
2024-09-17 02:06
Severity ?
Summary
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:27:22.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Apr/52"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/issues/452"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-24T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Apr/52"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/s9y/Serendipity/issues/452"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8101",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://seclists.org/fulldisclosure/2017/Apr/52",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2017/Apr/52"
            },
            {
              "name": "https://github.com/s9y/Serendipity/issues/452",
              "refsource": "MISC",
              "url": "https://github.com/s9y/Serendipity/issues/452"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-8101",
    "datePublished": "2017-04-24T18:00:00Z",
    "dateReserved": "2017-04-24T00:00:00Z",
    "dateUpdated": "2024-09-17T02:06:11.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1450
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-09-16 22:35
Severity ?
Summary
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.
References
http://secunia.com/advisories/15145 (third-party-advisory, x_refsource_SECUNIA)
http://www.s9y.org/63.html#A9 (x_refsource_CONFIRM)
http://www.osvdb.org/15877 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:51:50.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "15145",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15145"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.s9y.org/63.html#A9"
          },
          {
            "name": "15877",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/15877"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in \"the function used to validate path-names for uploading media\" in Serendipity before 0.8 has unknown impact."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-05-03T04:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "15145",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15145"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.s9y.org/63.html#A9"
        },
        {
          "name": "15877",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/15877"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1450",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in \"the function used to validate path-names for uploading media\" in Serendipity before 0.8 has unknown impact."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15145",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15145"
            },
            {
              "name": "http://www.s9y.org/63.html#A9",
              "refsource": "CONFIRM",
              "url": "http://www.s9y.org/63.html#A9"
            },
            {
              "name": "15877",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/15877"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1450",
    "datePublished": "2005-05-03T04:00:00Z",
    "dateReserved": "2005-05-03T00:00:00Z",
    "dateUpdated": "2024-09-16T22:35:05.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-1000129
Vulnerability from cvelistv5
Published
2017-11-17 05:00
Modified
2024-09-17 00:40
Severity ?
Summary
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:06.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.s9y.org/archives/269-Serendipity-2.0.4-and-2.1-beta2-released.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T05:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.s9y.org/archives/269-Serendipity-2.0.4-and-2.1-beta2-released.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.342690",
          "ID": "CVE-2017-1000129",
          "REQUESTER": "hbuchwald@ripstech.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.s9y.org/archives/269-Serendipity-2.0.4-and-2.1-beta2-released.html",
              "refsource": "MISC",
              "url": "https://blog.s9y.org/archives/269-Serendipity-2.0.4-and-2.1-beta2-released.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000129",
    "datePublished": "2017-11-17T05:00:00Z",
    "dateReserved": "2017-11-16T00:00:00Z",
    "dateUpdated": "2024-09-17T00:40:30.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1135
Vulnerability from cvelistv5
Published
2019-11-05 20:10
Modified
2024-08-06 22:14
Severity ?
Summary
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:27.777Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
          },
          {
            "name": "611661",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
          },
          {
            "name": "CVE-2011-1135",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2011-1135"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-05T20:10:49",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
        },
        {
          "name": "611661",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
        },
        {
          "name": "CVE-2011-1135",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2011-1135"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1135",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html",
              "refsource": "CONFIRM",
              "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2011/03/02/5",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
            },
            {
              "name": "611661",
              "refsource": "DEBIAN",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
            },
            {
              "name": "CVE-2011-1135",
              "refsource": "SECTRACK",
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-1135"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1135",
    "datePublished": "2019-11-05T20:10:49",
    "dateReserved": "2011-03-02T00:00:00",
    "dateUpdated": "2024-08-06T22:14:27.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-6242
Vulnerability from cvelistv5
Published
2006-12-03 18:00
Modified
2024-08-07 20:19
Severity ?
Summary
Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativecommons/serendipity_event_creativecommons.php, (6) serendipity_event_emoticate/serendipity_event_emoticate.php, (7) serendipity_event_entryproperties/serendipity_event_entryproperties.php, (8) serendipity_event_karma/serendipity_event_karma.php, (9) serendipity_event_livesearch/serendipity_event_livesearch.php, (10) serendipity_event_mailer/serendipity_event_mailer.php, (11) serendipity_event_nl2br/serendipity_event_nl2br.php, (12) serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php, (13) serendipity_event_searchhighlight/serendipity_event_searchhighlight.php, (14) serendipity_event_spamblock/serendipity_event_spamblock.php, (15) serendipity_event_spartacus/serendipity_event_spartacus.php, (16) serendipity_event_statistics/serendipity_plugin_statistics.php, (17) serendipity_event_templatechooser/serendipity_event_templatechooser.php, (18) serendipity_event_textile/serendipity_event_textile.php, (19) serendipity_event_textwiki/serendipity_event_textwiki.php, (20) serendipity_event_trackexits/serendipity_event_trackexits.php, (21) serendipity_event_weblogping/serendipity_event_weblogping.php, (22) serendipity_event_xhtmlcleanup/serendipity_event_xhtmlcleanup.php, (23) serendipity_plugin_comments/serendipity_plugin_comments.php, (24) serendipity_plugin_creativecommons/serendipity_plugin_creativecommons.php, (25) serendipity_plugin_entrylinks/serendipity_plugin_entrylinks.php, (26) serendipity_plugin_eventwrapper/serendipity_plugin_eventwrapper.php, (27) serendipity_plugin_history/serendipity_plugin_history.php, (28) serendipity_plugin_recententries/serendipity_plugin_recententries.php, (29) serendipity_plugin_remoterss/serendipity_plugin_remoterss.php, (30) serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php, and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:19:35.103Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "21367",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21367"
          },
          {
            "name": "ADV-2006-4782",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4782"
          },
          {
            "name": "serendipity-lang-file-include(30615)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30615"
          },
          {
            "name": "2869",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/2869"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.s9y.org/forums/viewtopic.php?t=7922"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativecommons/serendipity_event_creativecommons.php, (6) serendipity_event_emoticate/serendipity_event_emoticate.php, (7) serendipity_event_entryproperties/serendipity_event_entryproperties.php, (8) serendipity_event_karma/serendipity_event_karma.php, (9) serendipity_event_livesearch/serendipity_event_livesearch.php, (10) serendipity_event_mailer/serendipity_event_mailer.php, (11) serendipity_event_nl2br/serendipity_event_nl2br.php, (12) serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php, (13) serendipity_event_searchhighlight/serendipity_event_searchhighlight.php, (14) serendipity_event_spamblock/serendipity_event_spamblock.php, (15) serendipity_event_spartacus/serendipity_event_spartacus.php, (16) serendipity_event_statistics/serendipity_plugin_statistics.php, (17) serendipity_event_templatechooser/serendipity_event_templatechooser.php, (18) serendipity_event_textile/serendipity_event_textile.php, (19) serendipity_event_textwiki/serendipity_event_textwiki.php, (20) serendipity_event_trackexits/serendipity_event_trackexits.php, (21) serendipity_event_weblogping/serendipity_event_weblogping.php, (22) serendipity_event_xhtmlcleanup/serendipity_event_xhtmlcleanup.php, (23) serendipity_plugin_comments/serendipity_plugin_comments.php, (24) serendipity_plugin_creativecommons/serendipity_plugin_creativecommons.php, (25) serendipity_plugin_entrylinks/serendipity_plugin_entrylinks.php, (26) serendipity_plugin_eventwrapper/serendipity_plugin_eventwrapper.php, (27) serendipity_plugin_history/serendipity_plugin_history.php, (28) serendipity_plugin_recententries/serendipity_plugin_recententries.php, (29) serendipity_plugin_remoterss/serendipity_plugin_remoterss.php, (30) serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php, and and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-18T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "21367",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21367"
        },
        {
          "name": "ADV-2006-4782",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4782"
        },
        {
          "name": "serendipity-lang-file-include(30615)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30615"
        },
        {
          "name": "2869",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/2869"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.s9y.org/forums/viewtopic.php?t=7922"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6242",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativecommons/serendipity_event_creativecommons.php, (6) serendipity_event_emoticate/serendipity_event_emoticate.php, (7) serendipity_event_entryproperties/serendipity_event_entryproperties.php, (8) serendipity_event_karma/serendipity_event_karma.php, (9) serendipity_event_livesearch/serendipity_event_livesearch.php, (10) serendipity_event_mailer/serendipity_event_mailer.php, (11) serendipity_event_nl2br/serendipity_event_nl2br.php, (12) serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php, (13) serendipity_event_searchhighlight/serendipity_event_searchhighlight.php, (14) serendipity_event_spamblock/serendipity_event_spamblock.php, (15) serendipity_event_spartacus/serendipity_event_spartacus.php, (16) serendipity_event_statistics/serendipity_plugin_statistics.php, (17) serendipity_event_templatechooser/serendipity_event_templatechooser.php, (18) serendipity_event_textile/serendipity_event_textile.php, (19) serendipity_event_textwiki/serendipity_event_textwiki.php, (20) serendipity_event_trackexits/serendipity_event_trackexits.php, (21) serendipity_event_weblogping/serendipity_event_weblogping.php, (22) serendipity_event_xhtmlcleanup/serendipity_event_xhtmlcleanup.php, (23) serendipity_plugin_comments/serendipity_plugin_comments.php, (24) serendipity_plugin_creativecommons/serendipity_plugin_creativecommons.php, (25) serendipity_plugin_entrylinks/serendipity_plugin_entrylinks.php, (26) serendipity_plugin_eventwrapper/serendipity_plugin_eventwrapper.php, (27) serendipity_plugin_history/serendipity_plugin_history.php, (28) serendipity_plugin_recententries/serendipity_plugin_recententries.php, (29) serendipity_plugin_remoterss/serendipity_plugin_remoterss.php, (30) serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php, and and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "21367",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21367"
            },
            {
              "name": "ADV-2006-4782",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4782"
            },
            {
              "name": "serendipity-lang-file-include(30615)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30615"
            },
            {
              "name": "2869",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/2869"
            },
            {
              "name": "http://www.s9y.org/forums/viewtopic.php?t=7922",
              "refsource": "MISC",
              "url": "http://www.s9y.org/forums/viewtopic.php?t=7922"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-6242",
    "datePublished": "2006-12-03T18:00:00",
    "dateReserved": "2006-12-03T00:00:00",
    "dateUpdated": "2024-08-07T20:19:35.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-31576
Vulnerability from cvelistv5
Published
2023-05-16 00:00
Modified
2025-01-23 17:07
Summary
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:53:30.904Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/s9y/2023/Serendipity-2.4-beta-1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-31576",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-23T17:04:46.702029Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-434",
                "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-23T17:07:41.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-16T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/s9y/2023/Serendipity-2.4-beta-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-31576",
    "datePublished": "2023-05-16T00:00:00.000Z",
    "dateReserved": "2023-04-29T00:00:00.000Z",
    "dateUpdated": "2025-01-23T17:07:41.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1451
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-08-07 21:51
Severity ?
Summary
The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.
References
http://www.osvdb.org/15878 (vdb-entry, x_refsource_OSVDB)
http://secunia.com/advisories/15145 (third-party-advisory, x_refsource_SECUNIA)
http://www.s9y.org/63.html#A9 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:51:49.886Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "15878",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/15878"
          },
          {
            "name": "15145",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15145"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.s9y.org/63.html#A9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-15T16:37:51",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "15878",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/15878"
        },
        {
          "name": "15145",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15145"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.s9y.org/63.html#A9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1451",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15878",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/15878"
            },
            {
              "name": "15145",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15145"
            },
            {
              "name": "http://www.s9y.org/63.html#A9",
              "refsource": "CONFIRM",
              "url": "http://www.s9y.org/63.html#A9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1451",
    "datePublished": "2005-05-03T04:00:00",
    "dateReserved": "2005-05-03T00:00:00",
    "dateUpdated": "2024-08-07T21:51:49.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-1385
Vulnerability from cvelistv5
Published
2008-04-23 10:00
Modified
2024-08-07 08:17
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:17:34.587Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
          },
          {
            "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
          },
          {
            "name": "28885",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28885"
          },
          {
            "name": "ADV-2008-1348",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1348/references"
          },
          {
            "name": "29942",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29942"
          },
          {
            "name": "topreferrers-referer-xss(41965)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41965"
          },
          {
            "name": "1019915",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019915"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://int21.de/cve/CVE-2008-1385-s9y.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
        },
        {
          "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
        },
        {
          "name": "28885",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28885"
        },
        {
          "name": "ADV-2008-1348",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1348/references"
        },
        {
          "name": "29942",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29942"
        },
        {
          "name": "topreferrers-referer-xss(41965)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41965"
        },
        {
          "name": "1019915",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019915"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://int21.de/cve/CVE-2008-1385-s9y.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1385",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
            },
            {
              "name": "20080422 Correcting CVEs (was Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008-1387))",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
            },
            {
              "name": "28885",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28885"
            },
            {
              "name": "ADV-2008-1348",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1348/references"
            },
            {
              "name": "29942",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29942"
            },
            {
              "name": "topreferrers-referer-xss(41965)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41965"
            },
            {
              "name": "1019915",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019915"
            },
            {
              "name": "http://int21.de/cve/CVE-2008-1385-s9y.html",
              "refsource": "MISC",
              "url": "http://int21.de/cve/CVE-2008-1385-s9y.html"
            },
            {
              "name": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1385",
    "datePublished": "2008-04-23T10:00:00",
    "dateReserved": "2008-03-18T00:00:00",
    "dateUpdated": "2024-08-07T08:17:34.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0124
Vulnerability from cvelistv5
Published
2008-02-28 20:00
Modified
2024-08-07 07:32
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
References
http://www.vupen.com/english/advisories/2008/0700/references — vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/28003 — vdb-entry, x_refsource_BID
http://secunia.com/advisories/29128 — third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1019502 — vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2008/dsa-1528 — vendor-advisory, x_refsource_DEBIAN
http://int21.de/cve/CVE-2008-0124-s9y.html — x_refsource_MISC
http://secunia.com/advisories/29502 — third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/40851 — vdb-entry, x_refsource_XF
http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html — x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:23.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-0700",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0700/references"
          },
          {
            "name": "28003",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28003"
          },
          {
            "name": "29128",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29128"
          },
          {
            "name": "1019502",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019502"
          },
          {
            "name": "DSA-1528",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1528"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://int21.de/cve/CVE-2008-0124-s9y.html"
          },
          {
            "name": "29502",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29502"
          },
          {
            "name": "serendipity-realname-username-xss(40851)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40851"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the \"Real name\" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2008-0700",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0700/references"
        },
        {
          "name": "28003",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28003"
        },
        {
          "name": "29128",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29128"
        },
        {
          "name": "1019502",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019502"
        },
        {
          "name": "DSA-1528",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1528"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://int21.de/cve/CVE-2008-0124-s9y.html"
        },
        {
          "name": "29502",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29502"
        },
        {
          "name": "serendipity-realname-username-xss(40851)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40851"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0124",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the \"Real name\" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-0700",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0700/references"
            },
            {
              "name": "28003",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28003"
            },
            {
              "name": "29128",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29128"
            },
            {
              "name": "1019502",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019502"
            },
            {
              "name": "DSA-1528",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1528"
            },
            {
              "name": "http://int21.de/cve/CVE-2008-0124-s9y.html",
              "refsource": "MISC",
              "url": "http://int21.de/cve/CVE-2008-0124-s9y.html"
            },
            {
              "name": "29502",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29502"
            },
            {
              "name": "serendipity-realname-username-xss(40851)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40851"
            },
            {
              "name": "http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0124",
    "datePublished": "2008-02-28T20:00:00",
    "dateReserved": "2008-01-07T00:00:00",
    "dateUpdated": "2024-08-07T07:32:23.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2331
Vulnerability from cvelistv5
Published
2012-08-13 23:00
Modified
2024-09-16 22:55
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:34:23.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120508 CVE request: XSS and SQL injection in serendipity before 1.7.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/08/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/commit/264bf55719baacc069ff9d3cc35f0c349cde11e3"
          },
          {
            "name": "53418",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53418"
          },
          {
            "name": "49009",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49009"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt"
          },
          {
            "name": "[oss-security] 20120508 Re: CVE request: XSS and SQL injection in serendipity before 1.7.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/09/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html"
          },
          {
            "name": "20120508 Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter.  NOTE: this issue might be resultant from cross-site request forgery (CSRF)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-08-13T23:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120508 CVE request: XSS and SQL injection in serendipity before 1.7.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/08/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/s9y/Serendipity/commit/264bf55719baacc069ff9d3cc35f0c349cde11e3"
        },
        {
          "name": "53418",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53418"
        },
        {
          "name": "49009",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49009"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt"
        },
        {
          "name": "[oss-security] 20120508 Re: CVE request: XSS and SQL injection in serendipity before 1.7.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/09/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html"
        },
        {
          "name": "20120508 Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2331",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter.  NOTE: this issue might be resultant from cross-site request forgery (CSRF)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120508 CVE request: XSS and SQL injection in serendipity before 1.7.1",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/08/6"
            },
            {
              "name": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html",
              "refsource": "MISC",
              "url": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html"
            },
            {
              "name": "https://github.com/s9y/Serendipity/commit/264bf55719baacc069ff9d3cc35f0c349cde11e3",
              "refsource": "CONFIRM",
              "url": "https://github.com/s9y/Serendipity/commit/264bf55719baacc069ff9d3cc35f0c349cde11e3"
            },
            {
              "name": "53418",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53418"
            },
            {
              "name": "49009",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49009"
            },
            {
              "name": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt",
              "refsource": "MISC",
              "url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt"
            },
            {
              "name": "[oss-security] 20120508 Re: CVE request: XSS and SQL injection in serendipity before 1.7.1",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/09/2"
            },
            {
              "name": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html"
            },
            {
              "name": "20120508 Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2331",
    "datePublished": "2012-08-13T23:00:00Z",
    "dateReserved": "2012-04-19T00:00:00Z",
    "dateUpdated": "2024-09-16T22:55:59.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-6205
Vulnerability from cvelistv5
Published
2007-12-11 20:00
Modified
2024-08-07 15:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.
References
http://osvdb.org/39143 — vdb-entry, x_refsource_OSVDB
http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html — x_refsource_CONFIRM
http://secunia.com/advisories/28012 — third-party-advisory, x_refsource_SECUNIA
http://www.int21.de/cve/CVE-2007-6205-s9y.html — x_refsource_MISC
http://www.securityfocus.com/bid/26783 — vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/3437 — third-party-advisory, x_refsource_SREASON
http://www.debian.org/security/2008/dsa-1528 — vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/archive/1/484800/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/29502 — third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/38947 — vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2007/4171 — vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:27.040Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "39143",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/39143"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html"
          },
          {
            "name": "28012",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28012"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.int21.de/cve/CVE-2007-6205-s9y.html"
          },
          {
            "name": "26783",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26783"
          },
          {
            "name": "3437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3437"
          },
          {
            "name": "DSA-1528",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1528"
          },
          {
            "name": "20071210 CVE-2007-6205",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484800/100/0/threaded"
          },
          {
            "name": "29502",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29502"
          },
          {
            "name": "serendipity-rss-feeds-xss(38947)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38947"
          },
          {
            "name": "ADV-2007-4171",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4171"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "39143",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/39143"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html"
        },
        {
          "name": "28012",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28012"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.int21.de/cve/CVE-2007-6205-s9y.html"
        },
        {
          "name": "26783",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26783"
        },
        {
          "name": "3437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3437"
        },
        {
          "name": "DSA-1528",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1528"
        },
        {
          "name": "20071210 CVE-2007-6205",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/484800/100/0/threaded"
        },
        {
          "name": "29502",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29502"
        },
        {
          "name": "serendipity-rss-feeds-xss(38947)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38947"
        },
        {
          "name": "ADV-2007-4171",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4171"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6205",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "39143",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/39143"
            },
            {
              "name": "http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html"
            },
            {
              "name": "28012",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28012"
            },
            {
              "name": "http://www.int21.de/cve/CVE-2007-6205-s9y.html",
              "refsource": "MISC",
              "url": "http://www.int21.de/cve/CVE-2007-6205-s9y.html"
            },
            {
              "name": "26783",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26783"
            },
            {
              "name": "3437",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3437"
            },
            {
              "name": "DSA-1528",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1528"
            },
            {
              "name": "20071210 CVE-2007-6205",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/484800/100/0/threaded"
            },
            {
              "name": "29502",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29502"
            },
            {
              "name": "serendipity-rss-feeds-xss(38947)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38947"
            },
            {
              "name": "ADV-2007-4171",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4171"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6205",
    "datePublished": "2007-12-11T20:00:00",
    "dateReserved": "2007-12-03T00:00:00",
    "dateUpdated": "2024-08-07T15:54:27.040Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-1910
Vulnerability from cvelistv5
Published
2006-04-20 18:00
Modified
2024-08-07 17:27
Severity ?
Summary
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
http://www.securityfocus.com/bid/17566 (vdb-entry, x_refsource_BID)
http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html (mailing-list, x_refsource_FULLDISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:27:29.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "17566",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17566"
          },
          {
            "name": "20040614 Serendipity Blog vuln",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-04-26T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "17566",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17566"
        },
        {
          "name": "20040614 Serendipity Blog vuln",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1910",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "17566",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17566"
            },
            {
              "name": "20040614 Serendipity Blog vuln",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1910",
    "datePublished": "2006-04-20T18:00:00",
    "dateReserved": "2006-04-20T00:00:00",
    "dateUpdated": "2024-08-07T17:27:29.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-8102
Vulnerability from cvelistv5
Published
2017-04-24 18:00
Modified
2024-09-16 16:57
Severity ?
Summary
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:27:22.860Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Apr/44"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/issues/456"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin\u0027s cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-24T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Apr/44"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/s9y/Serendipity/issues/456"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8102",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin\u0027s cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://seclists.org/fulldisclosure/2017/Apr/44",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2017/Apr/44"
            },
            {
              "name": "https://github.com/s9y/Serendipity/issues/456",
              "refsource": "MISC",
              "url": "https://github.com/s9y/Serendipity/issues/456"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-8102",
    "datePublished": "2017-04-24T18:00:00Z",
    "dateReserved": "2017-04-24T00:00:00Z",
    "dateUpdated": "2024-09-16T16:57:58.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-5475
Vulnerability from cvelistv5
Published
2017-01-14 06:56
Modified
2024-08-05 15:04
Severity ?
Summary
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
References
https://github.com/s9y/Serendipity/issues/439 (x_refsource_CONFIRM)
http://www.securityfocus.com/bid/95656 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:04:15.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/issues/439"
          },
          {
            "name": "95656",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95656"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-20T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/s9y/Serendipity/issues/439"
        },
        {
          "name": "95656",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95656"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5475",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/s9y/Serendipity/issues/439",
              "refsource": "CONFIRM",
              "url": "https://github.com/s9y/Serendipity/issues/439"
            },
            {
              "name": "95656",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95656"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-5475",
    "datePublished": "2017-01-14T06:56:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T15:04:15.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-2157
Vulnerability from cvelistv5
Published
2005-07-10 04:00
Modified
2024-08-08 01:15
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
References
http://www.securityfocus.com/bid/11269 (vdb-entry, x_refsource_BID)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17536 (vdb-entry, x_refsource_XF)
http://securitytracker.com/id?1011448 (vdb-entry, x_refsource_SECTRACK)
http://secunia.com/advisories/12673/ (third-party-advisory, x_refsource_SECUNIA)
http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html (mailing-list, x_refsource_FULLDISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:15:01.664Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "11269",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11269"
          },
          {
            "name": "serendipity-commentphp-xss(17536)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17536"
          },
          {
            "name": "1011448",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1011448"
          },
          {
            "name": "12673",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12673/"
          },
          {
            "name": "20040928 Serendipity 0.7-beta1 SQL Injection PoC",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "11269",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11269"
        },
        {
          "name": "serendipity-commentphp-xss(17536)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17536"
        },
        {
          "name": "1011448",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1011448"
        },
        {
          "name": "12673",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12673/"
        },
        {
          "name": "20040928 Serendipity 0.7-beta1 SQL Injection PoC",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2157",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "11269",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11269"
            },
            {
              "name": "serendipity-commentphp-xss(17536)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17536"
            },
            {
              "name": "1011448",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1011448"
            },
            {
              "name": "12673",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12673/"
            },
            {
              "name": "20040928 Serendipity 0.7-beta1 SQL Injection PoC",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2157",
    "datePublished": "2005-07-10T04:00:00",
    "dateReserved": "2005-07-10T00:00:00",
    "dateUpdated": "2024-08-08T01:15:01.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1133
Vulnerability from cvelistv5
Published
2019-11-05 20:03
Modified
2024-08-06 22:14
Severity ?
Summary
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:27.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CVE-2011-1133",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2011-1133"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
          },
          {
            "name": "611661",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-05T20:03:37",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CVE-2011-1133",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2011-1133"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
        },
        {
          "name": "611661",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1133",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CVE-2011-1133",
              "refsource": "SECTRACK",
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-1133"
            },
            {
              "name": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html",
              "refsource": "CONFIRM",
              "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2011/03/02/5",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
            },
            {
              "name": "611661",
              "refsource": "DEBIAN",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1133",
    "datePublished": "2019-11-05T20:03:37",
    "dateReserved": "2011-03-02T00:00:00",
    "dateUpdated": "2024-08-06T22:14:27.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9752
Vulnerability from cvelistv5
Published
2016-12-01 11:00
Modified
2024-08-06 02:59
Severity ?
Summary
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94622",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94622"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/commit/fbdd50a448ed87ba34ea8c56446b8f1873eadd6f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-26T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94622",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94622"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/s9y/Serendipity/commit/fbdd50a448ed87ba34ea8c56446b8f1873eadd6f"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9752",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94622",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94622"
            },
            {
              "name": "https://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html",
              "refsource": "CONFIRM",
              "url": "https://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html"
            },
            {
              "name": "https://github.com/s9y/Serendipity/commit/fbdd50a448ed87ba34ea8c56446b8f1873eadd6f",
              "refsource": "CONFIRM",
              "url": "https://github.com/s9y/Serendipity/commit/fbdd50a448ed87ba34ea8c56446b8f1873eadd6f"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9752",
    "datePublished": "2016-12-01T11:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-06T02:59:03.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-2525
Vulnerability from cvelistv5
Published
2005-10-25 04:00
Modified
2024-08-08 01:29
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:29:13.844Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1012383",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1012383"
          },
          {
            "name": "11790",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11790"
          },
          {
            "name": "serendipity-combatphp-xss(18322)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18322"
          },
          {
            "name": "12177",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/12177"
          },
          {
            "name": "13357",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13357"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1076762\u0026group_id=75065\u0026atid=542822"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1012383",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1012383"
        },
        {
          "name": "11790",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11790"
        },
        {
          "name": "serendipity-combatphp-xss(18322)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18322"
        },
        {
          "name": "12177",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/12177"
        },
        {
          "name": "13357",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13357"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1076762\u0026group_id=75065\u0026atid=542822"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2525",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1012383",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1012383"
            },
            {
              "name": "11790",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11790"
            },
            {
              "name": "serendipity-combatphp-xss(18322)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18322"
            },
            {
              "name": "12177",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/12177"
            },
            {
              "name": "13357",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13357"
            },
            {
              "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1076762\u0026group_id=75065\u0026atid=542822",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1076762\u0026group_id=75065\u0026atid=542822"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2525",
    "datePublished": "2005-10-25T04:00:00",
    "dateReserved": "2005-10-25T00:00:00",
    "dateUpdated": "2024-08-08T01:29:13.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1713
Vulnerability from cvelistv5
Published
2005-05-24 04:00
Modified
2024-09-17 02:27
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
References
http://sourceforge.net/project/shownotes.php?release_id=328092 (x_refsource_CONFIRM)
http://secunia.com/advisories/15405 (third-party-advisory, x_refsource_SECUNIA)
http://www.osvdb.org/16661 (vdb-entry, x_refsource_OSVDB)
http://www.osvdb.org/16660 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:59:24.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=328092"
          },
          {
            "name": "15405",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15405"
          },
          {
            "name": "16661",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/16661"
          },
          {
            "name": "16660",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/16660"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-05-24T04:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=328092"
        },
        {
          "name": "15405",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15405"
        },
        {
          "name": "16661",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/16661"
        },
        {
          "name": "16660",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/16660"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1713",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=328092",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=328092"
            },
            {
              "name": "15405",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15405"
            },
            {
              "name": "16661",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/16661"
            },
            {
              "name": "16660",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/16660"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1713",
    "datePublished": "2005-05-24T04:00:00Z",
    "dateReserved": "2005-05-24T00:00:00Z",
    "dateUpdated": "2024-09-17T02:27:02.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5670
Vulnerability from cvelistv5
Published
2013-11-05 18:00
Modified
2024-09-17 01:47
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:21.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.opensyscom.fr/Actualites/serendipity-xss-vulnerability.html"
          },
          {
            "name": "[oss-security] 20130901 Re: CVE request: serendipity before 1.7.3 XSS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/09/01/3"
          },
          {
            "name": "87395",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/87395"
          },
          {
            "name": "[oss-security] 20130901 CVE request: serendipity before 1.7.3 XSS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/09/01/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-11-05T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.opensyscom.fr/Actualites/serendipity-xss-vulnerability.html"
        },
        {
          "name": "[oss-security] 20130901 Re: CVE request: serendipity before 1.7.3 XSS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/09/01/3"
        },
        {
          "name": "87395",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/87395"
        },
        {
          "name": "[oss-security] 20130901 CVE request: serendipity before 1.7.3 XSS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/09/01/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5670",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html"
            },
            {
              "name": "http://www.opensyscom.fr/Actualites/serendipity-xss-vulnerability.html",
              "refsource": "MISC",
              "url": "http://www.opensyscom.fr/Actualites/serendipity-xss-vulnerability.html"
            },
            {
              "name": "[oss-security] 20130901 Re: CVE request: serendipity before 1.7.3 XSS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/09/01/3"
            },
            {
              "name": "87395",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/87395"
            },
            {
              "name": "[oss-security] 20130901 CVE request: serendipity before 1.7.3 XSS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/09/01/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5670",
    "datePublished": "2013-11-05T18:00:00Z",
    "dateReserved": "2013-09-01T00:00:00Z",
    "dateUpdated": "2024-09-17T01:47:04.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11870
Vulnerability from cvelistv5
Published
2019-05-09 21:25
Modified
2024-08-04 23:03
Severity ?
Summary
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:03:32.930Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.s9y.org/archives/282-Serendipity-2.1.5-released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2019/05/03/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/issues/598"
          },
          {
            "name": "[oss-security] 20190510 Re: XSS via EXIF tag in Serendipity blog",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/05/10/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-10T11:06:05",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.s9y.org/archives/282-Serendipity-2.1.5-released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2019/05/03/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/s9y/Serendipity/issues/598"
        },
        {
          "name": "[oss-security] 20190510 Re: XSS via EXIF tag in Serendipity blog",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/05/10/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11870",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.s9y.org/archives/282-Serendipity-2.1.5-released.html",
              "refsource": "MISC",
              "url": "https://blog.s9y.org/archives/282-Serendipity-2.1.5-released.html"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2019/05/03/3",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2019/05/03/3"
            },
            {
              "name": "https://github.com/s9y/Serendipity/issues/598",
              "refsource": "MISC",
              "url": "https://github.com/s9y/Serendipity/issues/598"
            },
            {
              "name": "[oss-security] 20190510 Re: XSS via EXIF tag in Serendipity blog",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/05/10/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11870",
    "datePublished": "2019-05-09T21:25:09",
    "dateReserved": "2019-05-09T00:00:00",
    "dateUpdated": "2024-08-04T23:03:32.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-10082
Vulnerability from cvelistv5
Published
2016-12-30 07:08
Modified
2024-08-06 03:07
Severity ?
Summary
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:32.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95165",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95165"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/issues/433"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-02T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "95165",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95165"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/s9y/Serendipity/issues/433"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10082",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95165",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95165"
            },
            {
              "name": "https://github.com/s9y/Serendipity/issues/433",
              "refsource": "CONFIRM",
              "url": "https://github.com/s9y/Serendipity/issues/433"
            },
            {
              "name": "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85",
              "refsource": "CONFIRM",
              "url": "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10082",
    "datePublished": "2016-12-30T07:08:00",
    "dateReserved": "2016-12-30T00:00:00",
    "dateUpdated": "2024-08-06T03:07:32.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-4412
Vulnerability from cvelistv5
Published
2009-12-24 16:00
Modified
2024-08-07 07:01
Severity ?
Summary
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information.
References
http://www.openwall.com/lists/oss-security/2009/12/21/1 (mailing-list, x_refsource_MLIST)
http://osvdb.org/61245 (vdb-entry, x_refsource_OSVDB)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54985 (vdb-entry, x_refsource_XF)
http://www.vupen.com/english/advisories/2009/3626 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/37830 (third-party-advisory, x_refsource_SECUNIA)
http://blog.s9y.org/archives/211-Serendipity-1.5-released.html (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:01:20.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20091221 CVE request: Serendipity \u003c 1.5 upload of files with *.php.* possible",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/12/21/1"
          },
          {
            "name": "61245",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/61245"
          },
          {
            "name": "serendipity-unspecified-file-upload(54985)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54985"
          },
          {
            "name": "ADV-2009-3626",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3626"
          },
          {
            "name": "37830",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37830"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/211-Serendipity-1.5-released.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20091221 CVE request: Serendipity \u003c 1.5 upload of files with *.php.* possible",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/12/21/1"
        },
        {
          "name": "61245",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/61245"
        },
        {
          "name": "serendipity-unspecified-file-upload(54985)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54985"
        },
        {
          "name": "ADV-2009-3626",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3626"
        },
        {
          "name": "37830",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37830"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/211-Serendipity-1.5-released.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4412",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20091221 CVE request: Serendipity \u003c 1.5 upload of files with *.php.* possible",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/12/21/1"
            },
            {
              "name": "61245",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/61245"
            },
            {
              "name": "serendipity-unspecified-file-upload(54985)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54985"
            },
            {
              "name": "ADV-2009-3626",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3626"
            },
            {
              "name": "37830",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37830"
            },
            {
              "name": "http://blog.s9y.org/archives/211-Serendipity-1.5-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/211-Serendipity-1.5-released.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4412",
    "datePublished": "2009-12-24T16:00:00",
    "dateReserved": "2009-12-23T00:00:00",
    "dateUpdated": "2024-08-07T07:01:20.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2332
Vulnerability from cvelistv5
Published
2012-08-13 23:00
Modified
2024-09-17 02:52
Severity ?
Summary
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:34:23.726Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120508 CVE request: XSS and SQL injection in serendipity before 1.7.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/08/6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html"
          },
          {
            "name": "53418",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53418"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt"
          },
          {
            "name": "[oss-security] 20120508 Re: CVE request: XSS and SQL injection in serendipity before 1.7.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/09/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html"
          },
          {
            "name": "20120508 Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter.  NOTE: this issue might be resultant from cross-site request forgery (CSRF)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-08-13T23:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120508 CVE request: XSS and SQL injection in serendipity before 1.7.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/08/6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html"
        },
        {
          "name": "53418",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53418"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt"
        },
        {
          "name": "[oss-security] 20120508 Re: CVE request: XSS and SQL injection in serendipity before 1.7.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/09/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html"
        },
        {
          "name": "20120508 Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2332",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter.  NOTE: this issue might be resultant from cross-site request forgery (CSRF)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120508 CVE request: XSS and SQL injection in serendipity before 1.7.1",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/08/6"
            },
            {
              "name": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html",
              "refsource": "MISC",
              "url": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html"
            },
            {
              "name": "53418",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53418"
            },
            {
              "name": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt",
              "refsource": "MISC",
              "url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt"
            },
            {
              "name": "[oss-security] 20120508 Re: CVE request: XSS and SQL injection in serendipity before 1.7.1",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/09/2"
            },
            {
              "name": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html"
            },
            {
              "name": "20120508 Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2332",
    "datePublished": "2012-08-13T23:00:00Z",
    "dateReserved": "2012-04-19T00:00:00Z",
    "dateUpdated": "2024-09-17T02:52:09.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9681
Vulnerability from cvelistv5
Published
2016-12-25 17:00
Modified
2024-08-06 02:59
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.344Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/commit/e2a665e13b7de82a71c9bbb77575d15131b722be"
          },
          {
            "name": "95095",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95095"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://smarterbitbybit.com/cve-2016-9681-serendipity-cms-xss-vulnerability-in-version-2-0-4/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-26T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/s9y/Serendipity/commit/e2a665e13b7de82a71c9bbb77575d15131b722be"
        },
        {
          "name": "95095",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95095"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://smarterbitbybit.com/cve-2016-9681-serendipity-cms-xss-vulnerability-in-version-2-0-4/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9681",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/s9y/Serendipity/commit/e2a665e13b7de82a71c9bbb77575d15131b722be",
              "refsource": "MISC",
              "url": "https://github.com/s9y/Serendipity/commit/e2a665e13b7de82a71c9bbb77575d15131b722be"
            },
            {
              "name": "95095",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95095"
            },
            {
              "name": "https://smarterbitbybit.com/cve-2016-9681-serendipity-cms-xss-vulnerability-in-version-2-0-4/",
              "refsource": "MISC",
              "url": "https://smarterbitbybit.com/cve-2016-9681-serendipity-cms-xss-vulnerability-in-version-2-0-4/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9681",
    "datePublished": "2016-12-25T17:00:00",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-08-06T02:59:03.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1449
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-09-17 03:14
Severity ?
Summary
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.
References
http://secunia.com/advisories/15145 (third-party-advisory, x_refsource_SECUNIA)
http://www.s9y.org/63.html#A9 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:51:50.066Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "15145",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15145"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.s9y.org/63.html#A9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-05-03T04:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "15145",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15145"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.s9y.org/63.html#A9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15145",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15145"
            },
            {
              "name": "http://www.s9y.org/63.html#A9",
              "refsource": "CONFIRM",
              "url": "http://www.s9y.org/63.html#A9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1449",
    "datePublished": "2005-05-03T04:00:00Z",
    "dateReserved": "2005-05-03T00:00:00Z",
    "dateUpdated": "2024-09-17T03:14:37.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-2289
Vulnerability from cvelistv5
Published
2015-03-23 16:00
Modified
2024-08-06 05:10
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:10:15.762Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150313 Serendipity CMS - XSS Vulnerability in Version 2.0",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534871/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/130838/Serendipity-CMS-2.0-Cross-Site-Scripting.html"
          },
          {
            "name": "[oss-security] 20150314 CVE-2015-2289: Serendipity CMS cross-site scripting vulnerability in  2.0 version",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/14/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/s9y/Serendipity/commit/a30886d3bb9d8eeb6698948864c77caaa982435d"
          },
          {
            "name": "1031961",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031961"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20150313 Serendipity CMS - XSS Vulnerability in Version 2.0",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534871/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/130838/Serendipity-CMS-2.0-Cross-Site-Scripting.html"
        },
        {
          "name": "[oss-security] 20150314 CVE-2015-2289: Serendipity CMS cross-site scripting vulnerability in  2.0 version",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/14/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/s9y/Serendipity/commit/a30886d3bb9d8eeb6698948864c77caaa982435d"
        },
        {
          "name": "1031961",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031961"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2289",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150313 Serendipity CMS - XSS Vulnerability in Version 2.0",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534871/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/130838/Serendipity-CMS-2.0-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/130838/Serendipity-CMS-2.0-Cross-Site-Scripting.html"
            },
            {
              "name": "[oss-security] 20150314 CVE-2015-2289: Serendipity CMS cross-site scripting vulnerability in  2.0 version",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/03/14/1"
            },
            {
              "name": "http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html",
              "refsource": "CONFIRM",
              "url": "http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html"
            },
            {
              "name": "https://github.com/s9y/Serendipity/commit/a30886d3bb9d8eeb6698948864c77caaa982435d",
              "refsource": "CONFIRM",
              "url": "https://github.com/s9y/Serendipity/commit/a30886d3bb9d8eeb6698948864c77caaa982435d"
            },
            {
              "name": "1031961",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031961"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2289",
    "datePublished": "2015-03-23T16:00:00",
    "dateReserved": "2015-03-13T00:00:00",
    "dateUpdated": "2024-08-06T05:10:15.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2019-11-05 21:15
Modified
2024-11-21 01:25
Severity ?
Summary
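Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager. Note: the NVD record below classifies this issue as CWE-434 (unrestricted file upload) with a CVSS 3.1 base score of 9.8, which does not match the XSS label in this description; triage it by the recorded weakness and score rather than by the label alone.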
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD48E1B9-A52A-4E72-805E-A7D5994D1E90",
              "versionEndExcluding": "1.5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Xinha, como se incluye en el paquete Serendipity versiones anteriores a la versi\u00f3n 1.5.5, permite a atacantes remotos ejecutar c\u00f3digo arbitrario en el administrador de im\u00e1genes."
    }
  ],
  "id": "CVE-2011-1134",
  "lastModified": "2024-11-21T01:25:37.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-05T21:15:10.777",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-1134"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-1134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-05-20 03:02
Modified
2024-11-21 00:11
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2DCAE37-B4E9-490E-B441-CA6DD4DBBE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E7930F0-59AD-45D6-B79D-92DB88EFF4D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FF146-8CEF-48C8-81A3-08B4736DC27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5986FA95-D0F8-4E41-A445-F2F0EFEE872A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A4B77F-67DC-4D25-8948-0C0B59C38E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24AD8E2-AEB7-4D73-9B15-AE0B293A0825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B618E746-146D-4FAC-B64F-F31447F821F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CF5283A-C29F-47FC-BC9B-6F521A2A12C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag."
    }
  ],
  "id": "CVE-2006-2495",
  "lastModified": "2024-11-21T00:11:26.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-05-20T03:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20155"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=414920\u0026group_id=75065"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=414920\u0026group_id=75065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1855"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-10-21 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php.
References
cve@mitre.org http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup
cve@mitre.org http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup
cve@mitre.org http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup
cve@mitre.org http://marc.info/?l=bugtraq&m=109841283115808&w=2
cve@mitre.org http://secunia.com/advisories/12909/ (Exploit, Patch, Vendor Advisory)
cve@mitre.org http://securitytracker.com/id?1011864
cve@mitre.org http://sourceforge.net/project/shownotes.php?release_id=276694
cve@mitre.org http://www.osvdb.org/11013
cve@mitre.org http://www.osvdb.org/11038
cve@mitre.org http://www.osvdb.org/11039
cve@mitre.org http://www.s9y.org/5.html (Exploit, Patch, Vendor Advisory)
cve@mitre.org http://www.securityfocus.com/bid/11497 (Exploit, Patch, Vendor Advisory)
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/17798
af854a3a-2127-422b-91ae-364da2661108 http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49&view=markup
af854a3a-2127-422b-91ae-364da2661108 http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10&view=markup
af854a3a-2127-422b-91ae-364da2661108 http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52&view=markup
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=109841283115808&w=2
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/12909/ (Exploit, Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1011864
af854a3a-2127-422b-91ae-364da2661108 http://sourceforge.net/project/shownotes.php?release_id=276694
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/11013
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/11038
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/11039
af854a3a-2127-422b-91ae-364da2661108 http://www.s9y.org/5.html (Exploit, Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/11497 (Exploit, Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/17798
Impacted products
Vendor Product Version
s9y serendipity 0.3
s9y serendipity 0.4
s9y serendipity 0.5
s9y serendipity 0.5_pl1
s9y serendipity 0.6
s9y serendipity 0.6_pl1
s9y serendipity 0.6_pl2
s9y serendipity 0.6_pl3
s9y serendipity 0.6_rc1
s9y serendipity 0.6_rc2
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta2
s9y serendipity 0.7_beta3
s9y serendipity 0.7_beta4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2DCAE37-B4E9-490E-B441-CA6DD4DBBE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E7930F0-59AD-45D6-B79D-92DB88EFF4D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75786060-F4F7-4491-8239-2081EBD3AE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "742C3558-301D-4930-859F-7A8AAC231689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "41A56925-4CE9-4843-94BE-E35DBF6CFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "785115A5-380A-462E-88F6-718320DD7E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C28957-2724-406D-BAD4-DDCDE8CFA843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE669F3-75FA-4237-8424-109FE52F59ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "18814B9C-FE3E-4BB4-99E5-E3A88666B0F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80A9CDA-C3E2-474F-8E43-440C72B0E8E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php."
    }
  ],
  "id": "CVE-2004-1620",
  "lastModified": "2024-11-20T23:51:20.527",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-10-21T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49\u0026view=markup"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10\u0026view=markup"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52\u0026view=markup"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109841283115808\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12909/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1011864"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=276694"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/11013"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/11038"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/11039"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.s9y.org/5.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11497"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/comment.php?rev=1.49\u0026view=markup"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/exit.php?rev=1.10\u0026view=markup"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.sourceforge.net/viewcvs.py/php-blog/serendipity/index.php?rev=1.52\u0026view=markup"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109841283115808\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12909/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1011864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=276694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/11013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/11038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/11039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.s9y.org/5.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17798"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-11-05 18:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC473D08-C4CD-4779-96CE-E27B4A039115",
              "versionEndIncluding": "1.7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FF146-8CEF-48C8-81A3-08B4736DC27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5986FA95-D0F8-4E41-A445-F2F0EFEE872A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A4B77F-67DC-4D25-8948-0C0B59C38E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24AD8E2-AEB7-4D73-9B15-AE0B293A0825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5193D1-4BB6-4B2C-8361-BA1C7BE7524B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B62B695-74A2-49AA-87EF-38F129A94755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4ACB96-F32D-40E2-A9F3-A3CD78658C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B027CFC-5E0E-45D3-82BC-8F59F386D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C6CB12-9D14-4D5C-8FC0-02179436B487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D55BCF-58D1-48D8-9BA2-2884F6126F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "707176E4-B735-4A6A-AC7D-01250663D25D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0132EF3F-F9D8-4CEC-A774-4929B4DE6E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2217392-37F3-4CC6-85DE-33CB8841814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "706E7CF6-C396-4A19-B87C-05BA8C8D9EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C422BF-FBDE-4DD2-BB55-868B19890479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E92848-05FA-45EE-BD8A-98E337131892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96AD0492-E4D4-4A43-80EF-5F38F62DFF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B176479-5EFB-4943-801A-676B74C04DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68BD0B3-FB77-4288-93F4-2E018789D858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6CE765-5EA9-4E38-8EB4-2913CEBE5F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A8DDF5-F344-4810-AAFA-31085CC8ED01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8058BE3F-6C1E-4B6D-922D-909022D897CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE5B0BC-C4CC-4B2C-AF6F-44E1680316CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF273FA-FBAE-416B-A7C6-248A73796485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0276D632-867C-47DF-B377-DCCA7A25030C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD3D0674-7B1B-4250-8D02-DBAB80FD4B5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F45A97DF-79AD-416A-A682-06264E077C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "75637480-C8A1-4969-B9F5-4E6F02CCC361",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D73CCBF-A5D5-44AB-AD02-8ACA5B271017",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de cross-site scripting (XSS) en spell-check-savedicts.php en el m\u00f3dulo htmlarea SpellChecker, tal como se utiliza en Serendipity anterior a la versi\u00f3n 1.7.3 y posiblemente en otros productos, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro to_r_list."
    }
  ],
  "id": "CVE-2013-5670",
  "lastModified": "2024-11-21T01:57:55.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-11-05T18:55:06.167",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.opensyscom.fr/Actualites/serendipity-xss-vulnerability.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/01/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/01/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/87395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.opensyscom.fr/Actualites/serendipity-xss-vulnerability.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/01/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/87395"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-24 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.
Impacted products
Vendor Product Version
s9y serendipity 0.8



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins."
    }
  ],
  "id": "CVE-2005-1713",
  "lastModified": "2024-11-20T23:57:57.757",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-24T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/15405"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=328092"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/16660"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.osvdb.org/16661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/15405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=328092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/16660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.osvdb.org/16661"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-08-13 23:55
Modified
2024-11-21 01:38
Severity ?
Summary
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCC3C0E3-1F0C-41AA-BE48-AB46CA35D4BE",
              "versionEndIncluding": "1.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FF146-8CEF-48C8-81A3-08B4736DC27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5986FA95-D0F8-4E41-A445-F2F0EFEE872A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A4B77F-67DC-4D25-8948-0C0B59C38E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24AD8E2-AEB7-4D73-9B15-AE0B293A0825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5193D1-4BB6-4B2C-8361-BA1C7BE7524B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B62B695-74A2-49AA-87EF-38F129A94755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4ACB96-F32D-40E2-A9F3-A3CD78658C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B027CFC-5E0E-45D3-82BC-8F59F386D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C6CB12-9D14-4D5C-8FC0-02179436B487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D55BCF-58D1-48D8-9BA2-2884F6126F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "707176E4-B735-4A6A-AC7D-01250663D25D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0132EF3F-F9D8-4CEC-A774-4929B4DE6E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2217392-37F3-4CC6-85DE-33CB8841814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "706E7CF6-C396-4A19-B87C-05BA8C8D9EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C422BF-FBDE-4DD2-BB55-868B19890479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E92848-05FA-45EE-BD8A-98E337131892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96AD0492-E4D4-4A43-80EF-5F38F62DFF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B176479-5EFB-4943-801A-676B74C04DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68BD0B3-FB77-4288-93F4-2E018789D858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6CE765-5EA9-4E38-8EB4-2913CEBE5F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A8DDF5-F344-4810-AAFA-31085CC8ED01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8058BE3F-6C1E-4B6D-922D-909022D897CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE5B0BC-C4CC-4B2C-AF6F-44E1680316CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF273FA-FBAE-416B-A7C6-248A73796485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0276D632-867C-47DF-B377-DCCA7A25030C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F45A97DF-79AD-416A-A682-06264E077C5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter.  NOTE: this issue might be resultant from cross-site request forgery (CSRF)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n SQL en serendipity/serendipity_admin.php en Serendipity antes de v1.6.1 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro serendipity[plugin_to_conf]. NOTA: este problema podr\u00eda ser resultante de una falsificaci\u00f3n de solicitudes en sitios cruzados (CSRF).\r\n"
    }
  ],
  "id": "CVE-2012-2332",
  "lastModified": "2024-11-21T01:38:54.443",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-13T23:55:02.803",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/08/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/09/2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/53418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/08/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/09/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/53418"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-05-24 18:29
Modified
2024-11-21 02:44
Severity ?
Summary
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
Impacted products
Vendor Product Version
s9y serendipity 2.0.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1A04581-75DE-43E4-9BF4-04431DD3D3F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by \"php\" as a filename."
    },
    {
      "lang": "es",
      "value": "En Serendipity versi\u00f3n 2.0.3, la funci\u00f3n serendipity_moveMediaDirectory  permite que los atacantes remotos carguen y ejecuten c\u00f3digo PHP arbitrario, debido a un manejo inapropiado del nombre de archivo sin extensi\u00f3n durante un cambio de nombre, como lo demuestra \"php\" como un nombre de archivo."
    }
  ],
  "id": "CVE-2016-10752",
  "lastModified": "2024-11-21T02:44:39.883",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-24T18:29:00.300",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.ripstech.com/2016/serendipity-from-file-upload-to-code-execution/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://demo.ripstech.com/projects/serendipity_2.0.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.ripstech.com/2016/serendipity-from-file-upload-to-code-execution/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://demo.ripstech.com/projects/serendipity_2.0.3"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-01-14 07:59
Modified
2024-11-21 03:27
Summary
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8C50710-D1C1-4D98-8905-2331437E2C29",
              "versionEndIncluding": "2.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de redirecci\u00f3n abierta en comment.php en Serendipity hasta la versi\u00f3n 2.0.5 permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de una URL en el encabezado HTTP Referer."
    }
  ],
  "id": "CVE-2017-5474",
  "lastModified": "2024-11-21T03:27:41.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-14T07:59:00.247",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95652"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.
Impacted products
Vendor Product Version
s9y serendipity 0.3
s9y serendipity 0.4
s9y serendipity 0.5_pl1
s9y serendipity 0.6_pl3
s9y serendipity 0.7
s9y serendipity 0.7.1
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta2
s9y serendipity 0.7_beta3
s9y serendipity 0.7_beta4
s9y serendipity 0.7_rc1
s9y serendipity 0.8_beta5
s9y serendipity 0.8_beta6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C28957-2724-406D-BAD4-DDCDE8CFA843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE669F3-75FA-4237-8424-109FE52F59ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "18814B9C-FE3E-4BB4-99E5-E3A88666B0F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80A9CDA-C3E2-474F-8E43-440C72B0E8E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15CFA451-FFD4-452D-A744-5FDA80379BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F29716C7-2882-4B69-A4F8-BDBF0FB9CF88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A455F8B9-8A31-4BF1-895B-5D4579BE9C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact."
    }
  ],
  "id": "CVE-2005-1449",
  "lastModified": "2024-11-20T23:57:22.517",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-03T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/15145"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.s9y.org/63.html#A9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/15145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.s9y.org/63.html#A9"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-30 07:59
Modified
2024-11-21 02:43
Severity ?
Summary
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8C50710-D1C1-4D98-8905-2331437E2C29",
              "versionEndIncluding": "2.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file."
    },
    {
      "lang": "es",
      "value": "include/functions_installer.inc.php en Serendipity hasta la versi\u00f3n 2.0.5 es vulnerable a ataques File Inclusion y posiblemente Code Execution durante una primera instalaci\u00f3n porque falla en desinfectar el par\u00e1metro dbType POST antes de a\u00f1adirlo a una llamada include() en el archivo bundled-libs/serendipity_generateFTPChecksums.php."
    }
  ],
  "id": "CVE-2016-10082",
  "lastModified": "2024-11-21T02:43:15.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-30T07:59:00.143",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95165"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/issues/433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/commit/bba6a840f4d53cbaf62971a3078a98c8ddf92b85"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/issues/433"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-05-09 23:29
Modified
2024-11-21 04:21
Summary
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D88431A4-EC0F-46BE-BD1C-C5EE98AE1B26",
              "versionEndExcluding": "2.1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature."
    },
    {
      "lang": "es",
      "value": "Serendipity, versiones anteriores a 2.1.5, es vulnerable a un ataque XSS a trav\u00e9s de datos EXIF que son gestionados de manera incorrecta en la funcionalidad Editor Preview de templates/2k11/admin/media_choose.tpl o en la funcionalidad Media Library de templates/2k11/admin/media_items.tpl."
    }
  ],
  "id": "CVE-2019-11870",
  "lastModified": "2024-11-21T04:21:55.610",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-09T23:29:00.293",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/05/10/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/282-Serendipity-2.1.5-released.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/issues/598"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2019/05/03/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/05/10/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/282-Serendipity-2.1.5-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/issues/598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2019/05/03/3"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-09-10 18:00
Modified
2024-11-21 01:17
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B90B3D2-8678-4E7D-BEB1-75F57DFCD81F",
              "versionEndIncluding": "1.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2DCAE37-B4E9-490E-B441-CA6DD4DBBE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5:pl1:*:*:*:*:*:*",
              "matchCriteriaId": "5A65D59D-DDFF-4551-987C-D449A4C6F57A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E7930F0-59AD-45D6-B79D-92DB88EFF4D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:pl1:*:*:*:*:*:*",
              "matchCriteriaId": "7944B3DC-25B1-47EA-A919-E15DDE829A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:pl2:*:*:*:*:*:*",
              "matchCriteriaId": "8739C797-0843-48B3-98E0-35D833A92CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:pl3:*:*:*:*:*:*",
              "matchCriteriaId": "894A8EF2-0014-49CB-9947-65E1C3CDE0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "475C0928-80F3-4DE1-8A75-90C87B24D530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "60A92A7E-A564-459F-8F92-703716C40634",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "FBBF1CD6-8476-42C9-BAFC-33976EA84AE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A1426E66-CDA6-45A0-AF6C-FB2F0312F53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "39A9649C-EF1F-48CA-93F0-74C0F35CC42B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E8AF0430-7807-48F7-9FB2-5C3831BD17D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8C9BD9E5-C924-47E1-AA31-ED98B947FEAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "99A55A6D-6F6A-4684-8532-F19856D1440F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "20D7A000-A3B7-4047-AB8E-E77732E31EF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:beta6_snapshot:*:*:*:*:*:*",
              "matchCriteriaId": "992EC39E-DB67-4FD2-846A-4387C23031CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FF146-8CEF-48C8-81A3-08B4736DC27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5986FA95-D0F8-4E41-A445-F2F0EFEE872A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A4B77F-67DC-4D25-8948-0C0B59C38E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24AD8E2-AEB7-4D73-9B15-AE0B293A0825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5193D1-4BB6-4B2C-8361-BA1C7BE7524B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "153BD501-C162-4D75-B7B6-41B03D3D4A86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F4EA6E64-385D-4CC9-A4DC-D95BA8EDB519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "9574CE0E-8B43-4ECD-8812-AE5E0A5DE7F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B62B695-74A2-49AA-87EF-38F129A94755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4ACB96-F32D-40E2-A9F3-A3CD78658C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B027CFC-5E0E-45D3-82BC-8F59F386D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C6CB12-9D14-4D5C-8FC0-02179436B487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D55BCF-58D1-48D8-9BA2-2884F6126F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C38FD28F-ACEA-4F2D-9CD8-A35349FCF9ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "707176E4-B735-4A6A-AC7D-01250663D25D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0132EF3F-F9D8-4CEC-A774-4929B4DE6E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2217392-37F3-4CC6-85DE-33CB8841814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "706E7CF6-C396-4A19-B87C-05BA8C8D9EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C422BF-FBDE-4DD2-BB55-868B19890479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "699268BC-DD83-4569-8859-69296DB9AD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E92848-05FA-45EE-BD8A-98E337131892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96AD0492-E4D4-4A43-80EF-5F38F62DFF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B176479-5EFB-4943-801A-676B74C04DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68BD0B3-FB77-4288-93F4-2E018789D858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6CE765-5EA9-4E38-8EB4-2913CEBE5F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE962E7C-08A3-44E4-B06D-E00A03C3DB16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A6517B1A-C1E8-41D6-A93C-35A5328ADA0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A8DDF5-F344-4810-AAFA-31085CC8ED01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8058BE3F-6C1E-4B6D-922D-909022D897CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when \"Remember me\" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Serendipity anteriores a v1.5.4, cuando el login \"Remenber me\" est\u00e1 activado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2010-2957",
  "lastModified": "2024-11-21T01:17:43.993",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-09-10T18:00:02.080",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/29/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/31/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/29/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/31/5"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."
Impacted products
Vendor Product Version
s9y serendipity 0.3
s9y serendipity 0.4
s9y serendipity 0.5_pl1
s9y serendipity 0.6_pl3
s9y serendipity 0.7
s9y serendipity 0.7.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Serendipity before 0.8 allows Chief users to \"hide plugins installed by other users.\""
    }
  ],
  "id": "CVE-2005-1452",
  "lastModified": "2024-11-20T23:57:22.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-03T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/15145"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.s9y.org/63.html#A9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/15145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.s9y.org/63.html#A9"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-25 22:15
Modified
2024-11-21 04:56
Severity ?
Summary
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
Impacted products
Vendor Product Version
s9y serendipity *
microsoft windows -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "072445B1-4B89-41E8-9043-C1981937F42B",
              "versionEndExcluding": "2.3.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename."
    },
    {
      "lang": "es",
      "value": "Serendipity versiones anteriores a 2.3.4 en Windows, permite a atacantes remotos ejecutar c\u00f3digo arbitrario porque el nombre de archivo de un archivo renombrado puede terminar con un punto. Este archivo luego puede ser renombrado para tener un nombre de archivo .php."
    }
  ],
  "id": "CVE-2020-10964",
  "lastModified": "2024-11-21T04:56:27.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-25T22:15:12.217",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/releases/tag/2.3.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/290-Serendipity-2.3.4-released-security-update.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/releases/tag/2.3.4"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-01-28 18:59
Modified
2024-11-21 03:28
Summary
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
Impacted products
Vendor Product Version
s9y serendipity 2.0.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "62698057-2D97-42F0-913C-76CB939804FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en include/functions_entries.inc.php en Serendipity 2.0.5 permite a usuarios autenticados remotos ejecutar comandos arbitrarios SQL a trav\u00e9s del par\u00e1metro cat."
    }
  ],
  "id": "CVE-2017-5609",
  "lastModified": "2024-11-21T03:28:00.037",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-28T18:59:00.180",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95850"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/releases/tag/2.1-rc1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/releases/tag/2.1-rc1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-11-05 21:15
Modified
2024-11-21 01:25
Summary
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD48E1B9-A52A-4E72-805E-A7D5994D1E90",
              "versionEndExcluding": "1.5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Xinha, como se incluye en el paquete Serendipity versiones anteriores a la versi\u00f3n 1.5.5, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio del archivo plugins/ExtendedFileManager/backend.php."
    }
  ],
  "id": "CVE-2011-1133",
  "lastModified": "2024-11-21T01:25:37.533",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-05T21:15:10.667",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-1133"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-1133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-09-15 18:59
Modified
2024-11-21 02:35
Severity ?
Summary
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5D005EE-D639-44A8-9522-DED5F5099B6E",
              "versionEndIncluding": "2.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when \"Use Tokens for Comment Moderation\" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n serendipity_checkCommentToken en include/functions_comments.inc.php en Serendipity en versiones anteriores a 2.0.2, cuando \"Use Tokens for Comment Moderation\" est\u00e1 habilitado, permite a administradores remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro serendipity[id] parameter en serendipity_admin.php."
    }
  ],
  "id": "CVE-2015-6943",
  "lastModified": "2024-11-21T02:35:55.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-15T18:59:01.603",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.curesec.com/article/blog/Serendipity-201-Blind-SQL-Injection-52.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/133428/Serendipity-2.0.1-Blind-SQL-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Sep/10"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1033558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.curesec.com/article/blog/Serendipity-201-Blind-SQL-Injection-52.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/133428/Serendipity-2.0.1-Blind-SQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Sep/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033558"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.
Impacted products
Vendor Product Version
s9y serendipity 0.3
s9y serendipity 0.4
s9y serendipity 0.5_pl1
s9y serendipity 0.6_pl3
s9y serendipity 0.7
s9y serendipity 0.7.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unknown vulnerability in \"the function used to validate path-names for uploading media\" in Serendipity before 0.8 has unknown impact."
    }
  ],
  "id": "CVE-2005-1450",
  "lastModified": "2024-11-20T23:57:22.643",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-03T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/15145"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.osvdb.org/15877"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.s9y.org/63.html#A9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/15145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.osvdb.org/15877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.s9y.org/63.html#A9"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-12-03 19:28
Modified
2024-11-21 00:22
Severity ?
Summary
Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativecommons/serendipity_event_creativecommons.php, (6) serendipity_event_emoticate/serendipity_event_emoticate.php, (7) serendipity_event_entryproperties/serendipity_event_entryproperties.php, (8) serendipity_event_karma/serendipity_event_karma.php, (9) serendipity_event_livesearch/serendipity_event_livesearch.php, (10) serendipity_event_mailer/serendipity_event_mailer.php, (11) serendipity_event_nl2br/serendipity_event_nl2br.php, (12) serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php, (13) serendipity_event_searchhighlight/serendipity_event_searchhighlight.php, (14) serendipity_event_spamblock/serendipity_event_spamblock.php, (15) serendipity_event_spartacus/serendipity_event_spartacus.php, (16) serendipity_event_statistics/serendipity_plugin_statistics.php, (17) serendipity_event_templatechooser/serendipity_event_templatechooser.php, (18) serendipity_event_textile/serendipity_event_textile.php, (19) serendipity_event_textwiki/serendipity_event_textwiki.php, (20) serendipity_event_trackexits/serendipity_event_trackexits.php, (21) serendipity_event_weblogping/serendipity_event_weblogping.php, (22) serendipity_event_xhtmlcleanup/serendipity_event_xhtmlcleanup.php, (23) serendipity_plugin_comments/serendipity_plugin_comments.php, (24) serendipity_plugin_creativecommons/serendipity_plugin_creativecommons.php, (25) serendipity_plugin_entrylinks/serendipity_plugin_entrylinks.php, (26) serendipity_plugin_eventwrapper/serendipity_plugin_eventwrapper.php, (27) serendipity_plugin_history/serendipity_plugin_history.php, (28) serendipity_plugin_recententries/serendipity_plugin_recententries.php, (29) serendipity_plugin_remoterss/serendipity_plugin_remoterss.php, (30) serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php, and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php.
Impacted products
Vendor Product Version
s9y serendipity 0.3
s9y serendipity 0.4
s9y serendipity 0.5
s9y serendipity 0.5_pl1
s9y serendipity 0.6
s9y serendipity 0.6_pl1
s9y serendipity 0.6_pl2
s9y serendipity 0.6_pl3
s9y serendipity 0.6_rc1
s9y serendipity 0.6_rc2
s9y serendipity 0.7
s9y serendipity 0.7.1
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta2
s9y serendipity 0.7_beta3
s9y serendipity 0.7_beta4
s9y serendipity 0.7_rc1
s9y serendipity 0.8
s9y serendipity 0.8.1
s9y serendipity 0.8.2
s9y serendipity 0.8_beta5
s9y serendipity 0.8_beta6
s9y serendipity 0.9.1
s9y serendipity 1.0.3
s9y serendipity 1.0_beta2
s9y serendipity 1.0_beta3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2DCAE37-B4E9-490E-B441-CA6DD4DBBE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E7930F0-59AD-45D6-B79D-92DB88EFF4D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75786060-F4F7-4491-8239-2081EBD3AE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "742C3558-301D-4930-859F-7A8AAC231689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "41A56925-4CE9-4843-94BE-E35DBF6CFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "785115A5-380A-462E-88F6-718320DD7E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C28957-2724-406D-BAD4-DDCDE8CFA843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE669F3-75FA-4237-8424-109FE52F59ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "18814B9C-FE3E-4BB4-99E5-E3A88666B0F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80A9CDA-C3E2-474F-8E43-440C72B0E8E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15CFA451-FFD4-452D-A744-5FDA80379BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F29716C7-2882-4B69-A4F8-BDBF0FB9CF88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A455F8B9-8A31-4BF1-895B-5D4579BE9C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B027CFC-5E0E-45D3-82BC-8F59F386D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CF5283A-C29F-47FC-BC9B-6F521A2A12C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CDB172B-17ED-4984-BBCD-91411967FC42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativecommons/serendipity_event_creativecommons.php, (6) serendipity_event_emoticate/serendipity_event_emoticate.php, (7) serendipity_event_entryproperties/serendipity_event_entryproperties.php, (8) serendipity_event_karma/serendipity_event_karma.php, (9) serendipity_event_livesearch/serendipity_event_livesearch.php, (10) serendipity_event_mailer/serendipity_event_mailer.php, (11) serendipity_event_nl2br/serendipity_event_nl2br.php, (12) serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php, (13) serendipity_event_searchhighlight/serendipity_event_searchhighlight.php, (14) serendipity_event_spamblock/serendipity_event_spamblock.php, (15) serendipity_event_spartacus/serendipity_event_spartacus.php, (16) serendipity_event_statistics/serendipity_plugin_statistics.php, (17) serendipity_event_templatechooser/serendipity_event_templatechooser.php, (18) serendipity_event_textile/serendipity_event_textile.php, (19) serendipity_event_textwiki/serendipity_event_textwiki.php, (20) serendipity_event_trackexits/serendipity_event_trackexits.php, (21) serendipity_event_weblogping/serendipity_event_weblogping.php, (22) serendipity_event_xhtmlcleanup/serendipity_event_xhtmlcleanup.php, (23) serendipity_plugin_comments/serendipity_plugin_comments.php, (24) serendipity_plugin_creativecommons/serendipity_plugin_creativecommons.php, (25) serendipity_plugin_entrylinks/serendipity_plugin_entrylinks.php, (26) serendipity_plugin_eventwrapper/serendipity_plugin_eventwrapper.php, (27) serendipity_plugin_history/serendipity_plugin_history.php, (28) serendipity_plugin_recententries/serendipity_plugin_recententries.php, (29) serendipity_plugin_remoterss/serendipity_plugin_remoterss.php, (30) serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php, and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de salto de directorios en Serendipity 1.0.3 y anteriores permiten a un atacante remoto leer o incluir archivos locales a trav\u00e9s de la secuencia .. (punto punto) en el par\u00e1metro serendipity[charset] en (1) include/lang.inc.php; o para los archivos de plugins/ (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativecommons/serendipity_event_creativecommons.php, (6) serendipity_event_emoticate/serendipity_event_emoticate.php, (7) serendipity_event_entryproperties/serendipity_event_entryproperties.php, (8) serendipity_event_karma/serendipity_event_karma.php, (9) serendipity_event_livesearch/serendipity_event_livesearch.php, (10) serendipity_event_mailer/serendipity_event_mailer.php, (11) serendipity_event_nl2br/serendipity_event_nl2br.php, (12) serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php, (13) serendipity_event_searchhighlight/serendipity_event_searchhighlight.php, (14) serendipity_event_spamblock/serendipity_event_spamblock.php, (15) serendipity_event_spartacus/serendipity_event_spartacus.php, (16) serendipity_event_statistics/serendipity_plugin_statistics.php, (17) serendipity_event_templatechooser/serendipity_event_templatechooser.php, (18) serendipity_event_textile/serendipity_event_textile.php, (19) serendipity_event_textwiki/serendipity_event_textwiki.php, (20) serendipity_event_trackexits/serendipity_event_trackexits.php, (21) serendipity_event_weblogping/serendipity_event_weblogping.php, (22) serendipity_event_xhtmlcleanup/serendipity_event_xhtmlcleanup.php, (23) serendipity_plugin_comments/serendipity_plugin_comments.php, (24) serendipity_plugin_creativecommons/serendipity_plugin_creativecommons.php, (25) serendipity_plugin_entrylinks/serendipity_plugin_entrylinks.php, (26) serendipity_plugin_eventwrapper/serendipity_plugin_eventwrapper.php, (27) serendipity_plugin_history/serendipity_plugin_history.php, (28) serendipity_plugin_recententries/serendipity_plugin_recententries.php, (29) serendipity_plugin_remoterss/serendipity_plugin_remoterss.php, (30) serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php, and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php."
    }
  ],
  "evaluatorSolution": "Successful exploitation requires that \"register_globals\" is enabled.\r\nThis vulnerability is addressed in the following product release:\r\nS9Y, Serendipity, 1.0.4",
  "id": "CVE-2006-6242",
  "lastModified": "2024-11-21T00:22:14.647",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-12-03T19:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.s9y.org/forums/viewtopic.php?t=7922"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/21367"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4782"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30615"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/2869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.s9y.org/forums/viewtopic.php?t=7922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/21367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/2869"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-03-23 16:59
Modified
2024-11-21 02:27
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F316F3-A675-4961-B1EC-DB64F6505687",
              "versionEndIncluding": "2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en templates/2k11/admin/entries.tpl en Serendipity anterior a 2.0.1 permite a editores remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s del par\u00e1metro serendipity[cat][name] en serendipity_admin.php, cuando crea una categor\u00eda nueva."
    }
  ],
  "id": "CVE-2015-2289",
  "lastModified": "2024-11-21T02:27:09.277",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-03-23T16:59:01.773",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/130838/Serendipity-CMS-2.0-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/14/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/534871/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1031961"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/s9y/Serendipity/commit/a30886d3bb9d8eeb6698948864c77caaa982435d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/130838/Serendipity-CMS-2.0-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/14/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/534871/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/s9y/Serendipity/commit/a30886d3bb9d8eeb6698948864c77caaa982435d"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-01 11:59
Modified
2024-11-21 03:01
Summary
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B92E31B-BBE7-4C4B-9369-EBDD59B9D34D",
              "versionEndIncluding": "2.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code."
    },
    {
      "lang": "es",
      "value": "En Serendipity en versiones anteriores a 2.0.5, un atacante puede eludir la protecci\u00f3n SSRF utilizando una direcci\u00f3n IP malformada (e.g., http://127.1) o un c\u00f3digo de estado HTTP 30x (tambi\u00e9n conocido como Redirection)."
    }
  ],
  "id": "CVE-2016-9752",
  "lastModified": "2024-11-21T03:01:42.563",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-01T11:59:11.120",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/94622"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/commit/fbdd50a448ed87ba34ea8c56446b8f1873eadd6f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/commit/fbdd50a448ed87ba34ea8c56446b8f1873eadd6f"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-04-24 18:59
Modified
2024-11-21 03:33
Summary
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
Impacted products
Vendor Product Version
s9y serendipity 2.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6F3A96D8-7D15-4365-A30D-FD4A72D3141B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin\u0027s cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin."
    },
    {
      "lang": "es",
      "value": "XSS almacenado en Serendipity v2.1-rc1 permite a un atacante robar una cookie de un administrador y otra informaci\u00f3n componiendo una nueva entrada como un usuario editor. Esto est\u00e1 relacionado con la falta del plugin serendipity_event_xsstrust plugin y un error set_config en ese plugin."
    }
  ],
  "id": "CVE-2017-8102",
  "lastModified": "2024-11-21T03:33:19.607",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-24T18:59:00.803",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Apr/44"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/issues/456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Apr/44"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/issues/456"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-05-16 14:15
Modified
2025-01-23 17:15
Summary
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or JavaScript file.
Impacted products
Vendor Product Version
s9y serendipity 2.4.0 (beta1)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:2.4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79F75A97-EBF1-4767-B1F9-68F1ED7AA58B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file."
    }
  ],
  "id": "CVE-2023-31576",
  "lastModified": "2025-01-23T17:15:10.933",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-05-16T14:15:09.603",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/s9y/2023/Serendipity-2.4-beta-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/s9y/2023/Serendipity-2.4-beta-1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Impacted products
Vendor Product Version
s9y serendipity 0.7
s9y serendipity 0.7.1
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta2
s9y serendipity 0.7_beta3
s9y serendipity 0.7_beta4
s9y serendipity 0.7_rc1
s9y serendipity 0.8_beta5
s9y serendipity 0.8_beta6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C28957-2724-406D-BAD4-DDCDE8CFA843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE669F3-75FA-4237-8424-109FE52F59ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "18814B9C-FE3E-4BB4-99E5-E3A88666B0F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80A9CDA-C3E2-474F-8E43-440C72B0E8E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15CFA451-FFD4-452D-A744-5FDA80379BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F29716C7-2882-4B69-A4F8-BDBF0FB9CF88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A455F8B9-8A31-4BF1-895B-5D4579BE9C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
    }
  ],
  "id": "CVE-2005-1448",
  "lastModified": "2024-11-20T23:57:22.377",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-03T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/15145"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/15876"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.s9y.org/63.html#A9"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/13411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/15145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/15876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.s9y.org/63.html#A9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/13411"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-12-31 22:59
Modified
2024-11-21 02:20
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php.
Impacted products
Vendor Product Version
s9y serendipity * (rc1, up to and including 2.0)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "02615AD2-1084-410E-9256-8ABC77A9CB67",
              "versionEndIncluding": "2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en templates/2k11/admin/overview.inc.tpl en Serendipity anterior a 2.0-rc2 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un comentario en un blog en QUERY_STRING en serendipity/index.php."
    }
  ],
  "id": "CVE-2014-9432",
  "lastModified": "2024-11-21T02:20:52.647",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-12-31T22:59:08.083",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Dec/108"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/534315/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99464"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Dec/108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/534315/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99464"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-08-19 21:10
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4360648-EF41-44AA-B8A3-605E2E779A8F",
              "versionEndIncluding": "1.6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FF146-8CEF-48C8-81A3-08B4736DC27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5986FA95-D0F8-4E41-A445-F2F0EFEE872A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A4B77F-67DC-4D25-8948-0C0B59C38E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24AD8E2-AEB7-4D73-9B15-AE0B293A0825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5193D1-4BB6-4B2C-8361-BA1C7BE7524B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B62B695-74A2-49AA-87EF-38F129A94755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4ACB96-F32D-40E2-A9F3-A3CD78658C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B027CFC-5E0E-45D3-82BC-8F59F386D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C6CB12-9D14-4D5C-8FC0-02179436B487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D55BCF-58D1-48D8-9BA2-2884F6126F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "707176E4-B735-4A6A-AC7D-01250663D25D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0132EF3F-F9D8-4CEC-A774-4929B4DE6E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2217392-37F3-4CC6-85DE-33CB8841814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "706E7CF6-C396-4A19-B87C-05BA8C8D9EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C422BF-FBDE-4DD2-BB55-868B19890479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E92848-05FA-45EE-BD8A-98E337131892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96AD0492-E4D4-4A43-80EF-5F38F62DFF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B176479-5EFB-4943-801A-676B74C04DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68BD0B3-FB77-4288-93F4-2E018789D858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6CE765-5EA9-4E38-8EB4-2913CEBE5F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A8DDF5-F344-4810-AAFA-31085CC8ED01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8058BE3F-6C1E-4B6D-922D-909022D897CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE5B0BC-C4CC-4B2C-AF6F-44E1680316CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF273FA-FBAE-416B-A7C6-248A73796485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0276D632-867C-47DF-B377-DCCA7A25030C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD3D0674-7B1B-4250-8D02-DBAB80FD4B5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F45A97DF-79AD-416A-A682-06264E077C5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en serendipity_admin_image_selector.php en Serendipity 1.6.2 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias  a trav\u00e9s del par\u00e1metro serendipity[htmltarget]."
    }
  ],
  "id": "CVE-2013-5314",
  "lastModified": "2024-11-21T01:57:17.673",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-08-19T21:10:49.353",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0135.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.mavitunasecurity.com/xss-vulnerabilities-in-serendipity"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.mavitunasecurity.com/xss-vulnerabilities-in-serendipity"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-02-28 20:44
Modified
2024-11-21 00:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
Impacted products
Vendor Product Version
s9y serendipity 0.3
s9y serendipity 0.4
s9y serendipity 0.5
s9y serendipity 0.5_pl1
s9y serendipity 0.6
s9y serendipity 0.6_pl1
s9y serendipity 0.6_pl2
s9y serendipity 0.6_pl3
s9y serendipity 0.6_rc1
s9y serendipity 0.6_rc2
s9y serendipity 0.7
s9y serendipity 0.7.1
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta2
s9y serendipity 0.7_beta3
s9y serendipity 0.7_beta4
s9y serendipity 0.7_rc1
s9y serendipity 0.8
s9y serendipity 0.8.1
s9y serendipity 0.8.2
s9y serendipity 0.8_beta_6_snapshot
s9y serendipity 0.8_beta5
s9y serendipity 0.8_beta6
s9y serendipity 0.9.1
s9y serendipity 1.0.3
s9y serendipity 1.0.4
s9y serendipity 1.0_beta2
s9y serendipity 1.0_beta3
s9y serendipity 1.1.1
s9y serendipity 1.1.3
s9y serendipity 1.1.4
s9y serendipity 1.2
s9y serendipity 1.2.1
s9y serendipity 1.2__beta5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2DCAE37-B4E9-490E-B441-CA6DD4DBBE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E7930F0-59AD-45D6-B79D-92DB88EFF4D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75786060-F4F7-4491-8239-2081EBD3AE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "742C3558-301D-4930-859F-7A8AAC231689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "41A56925-4CE9-4843-94BE-E35DBF6CFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "785115A5-380A-462E-88F6-718320DD7E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C28957-2724-406D-BAD4-DDCDE8CFA843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE669F3-75FA-4237-8424-109FE52F59ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "18814B9C-FE3E-4BB4-99E5-E3A88666B0F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80A9CDA-C3E2-474F-8E43-440C72B0E8E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15CFA451-FFD4-452D-A744-5FDA80379BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta_6_snapshot:*:*:*:*:*:*:*",
              "matchCriteriaId": "79995783-EFF9-486A-9556-709595EEE31E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F29716C7-2882-4B69-A4F8-BDBF0FB9CF88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A455F8B9-8A31-4BF1-895B-5D4579BE9C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B027CFC-5E0E-45D3-82BC-8F59F386D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C6CB12-9D14-4D5C-8FC0-02179436B487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CF5283A-C29F-47FC-BC9B-6F521A2A12C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CDB172B-17ED-4984-BBCD-91411967FC42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "707176E4-B735-4A6A-AC7D-01250663D25D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2217392-37F3-4CC6-85DE-33CB8841814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "706E7CF6-C396-4A19-B87C-05BA8C8D9EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C422BF-FBDE-4DD2-BB55-868B19890479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E92848-05FA-45EE-BD8A-98E337131892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2__beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED377FC0-93AE-4AA0-B92F-AEB8E2FC9ED8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the \"Real name\" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Serendipity (S9Y) anterior a 1.3-beta 1, permite a usuarios autenticados remotamente inyectar secuencias de comandos Web de su elecci\u00f3n o HTML a trav\u00e9s de (1) el campo \"Real name\" de Personal Settings, el cu\u00e1l es mostrado a los lectores de los art\u00edculos; o (2) la subida de un fichero, como se ha demostrado  mediante un fichero .htm, .html, o .js."
    }
  ],
  "id": "CVE-2008-0124",
  "lastModified": "2024-11-21T00:41:13.213",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-02-28T20:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://int21.de/cve/CVE-2008-0124-s9y.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29128"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29502"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1528"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28003"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019502"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0700/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://int21.de/cve/CVE-2008-0124-s9y.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0700/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40851"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-04-13 04:00
Modified
2024-11-20 23:56
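Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P; the record below carries no CVSS v3 metric)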
Summary
SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.
Impacted products
Vendor Product Version
s9y serendipity 0.3
s9y serendipity 0.4
s9y serendipity 0.5
s9y serendipity 0.5_pl1
s9y serendipity 0.6
s9y serendipity 0.6_pl1
s9y serendipity 0.6_pl2
s9y serendipity 0.6_pl3
s9y serendipity 0.6_rc1
s9y serendipity 0.6_rc2
s9y serendipity 0.7
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta2
s9y serendipity 0.7_beta3
s9y serendipity 0.7_beta4
s9y serendipity 0.7_rc1
s9y serendipity 0.8_beta5
s9y serendipity 0.8_beta6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2DCAE37-B4E9-490E-B441-CA6DD4DBBE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E7930F0-59AD-45D6-B79D-92DB88EFF4D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75786060-F4F7-4491-8239-2081EBD3AE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "742C3558-301D-4930-859F-7A8AAC231689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "41A56925-4CE9-4843-94BE-E35DBF6CFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "785115A5-380A-462E-88F6-718320DD7E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C28957-2724-406D-BAD4-DDCDE8CFA843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE669F3-75FA-4237-8424-109FE52F59ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "18814B9C-FE3E-4BB4-99E5-E3A88666B0F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80A9CDA-C3E2-474F-8E43-440C72B0E8E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15CFA451-FFD4-452D-A744-5FDA80379BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F29716C7-2882-4B69-A4F8-BDBF0FB9CF88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A455F8B9-8A31-4BF1-895B-5D4579BE9C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters."
    }
  ],
  "id": "CVE-2005-1134",
  "lastModified": "2024-11-20T23:56:41.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-04-13T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/lists/bugtraq/2005/Apr/0195.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/15145"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1013699"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.osvdb.org/15542"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.s9y.org/5.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.s9y.org/63.html#A9"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/13161"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/lists/bugtraq/2005/Apr/0195.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/15145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1013699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.osvdb.org/15542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.s9y.org/5.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.s9y.org/63.html#A9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/13161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20119"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-04-24 18:59
Modified
2024-11-21 03:33
Summary
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
References
Impacted products
Vendor Product Version
s9y serendipity 2.0.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "62698057-2D97-42F0-913C-76CB939804FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request."
    },
    {
      "lang": "es",
      "value": "Hay CSRF en Serendipity 2.0.5, permitiendo a atacantes instalar cualquier tema a trav\u00e9s de una solicitud GET."
    }
  ],
  "id": "CVE-2017-8101",
  "lastModified": "2024-11-21T03:33:19.447",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-24T18:59:00.757",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Apr/52"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/issues/452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Apr/52"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/issues/452"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
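Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; the record below carries no CVSS v3 metric)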
Summary
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.
Impacted products
Vendor Product Version
s9y serendipity 0.3
s9y serendipity 0.4
s9y serendipity 0.5
s9y serendipity 0.5_pl1
s9y serendipity 0.6
s9y serendipity 0.6_pl1
s9y serendipity 0.6_pl2
s9y serendipity 0.6_pl3
s9y serendipity 0.6_rc1
s9y serendipity 0.6_rc2
s9y serendipity 0.7
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta2
s9y serendipity 0.7_beta3
s9y serendipity 0.7_beta4
s9y serendipity 0.7_rc1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2DCAE37-B4E9-490E-B441-CA6DD4DBBE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E7930F0-59AD-45D6-B79D-92DB88EFF4D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75786060-F4F7-4491-8239-2081EBD3AE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "742C3558-301D-4930-859F-7A8AAC231689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "41A56925-4CE9-4843-94BE-E35DBF6CFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "785115A5-380A-462E-88F6-718320DD7E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C28957-2724-406D-BAD4-DDCDE8CFA843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE669F3-75FA-4237-8424-109FE52F59ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "18814B9C-FE3E-4BB4-99E5-E3A88666B0F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80A9CDA-C3E2-474F-8E43-440C72B0E8E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15CFA451-FFD4-452D-A744-5FDA80379BF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable."
    }
  ],
  "id": "CVE-2004-2525",
  "lastModified": "2024-11-20T23:53:34.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/13357"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1012383"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1076762\u0026group_id=75065\u0026atid=542822"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.osvdb.org/12177"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11790"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/13357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1012383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1076762\u0026group_id=75065\u0026atid=542822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.osvdb.org/12177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18322"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-09-16 14:59
Modified
2024-11-21 02:35
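Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; the record below carries no CVSS v3 metric)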
Summary
Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5D005EE-D639-44A8-9522-DED5F5099B6E",
              "versionEndIncluding": "2.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en js/2k11.min.js en el tema 2k11 en Serendipity en versiones anteriores a 2.0.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un nombre de usuario en un comentario, lo cual no es manejado adecuadamente en un enlace Reply."
    }
  ],
  "id": "CVE-2015-6969",
  "lastModified": "2024-11-21T02:35:57.817",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-09-16T14:59:11.040",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.curesec.com/article/blog/Serendipity-201-Persistent-XSS-51.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/133427/Serendipity-2.0.1-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Sep/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.curesec.com/article/blog/Serendipity-201-Persistent-XSS-51.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/133427/Serendipity-2.0.1-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Sep/9"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-01-14 07:59
Modified
2024-11-21 03:27
Summary
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8C50710-D1C1-4D98-8905-2331437E2C29",
              "versionEndIncluding": "2.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments."
    },
    {
      "lang": "es",
      "value": "comment.php en Serendipity hasta la versi\u00f3n 2.0.5 permite CSRF en la eliminaci\u00f3n de cualquier comentario."
    }
  ],
  "id": "CVE-2017-5475",
  "lastModified": "2024-11-21T03:27:42.083",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-14T07:59:00.277",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95656"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/s9y/Serendipity/issues/439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/s9y/Serendipity/issues/439"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-04-20 18:06
Modified
2024-11-21 00:10
Severity ?
Summary
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Impacted products
Vendor Product Version
s9y serendipity 1.0_beta2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CF5283A-C29F-47FC-BC9B-6F521A2A12C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
    }
  ],
  "id": "CVE-2006-1910",
  "lastModified": "2024-11-21T00:10:04.237",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-20T18:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/17566"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/17566"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-11-05 21:15
Modified
2024-11-21 01:25
Summary
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD48E1B9-A52A-4E72-805E-A7D5994D1E90",
              "versionEndExcluding": "1.5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Xinha, como se incluye en el paquete Serendipity versiones anteriores a la versi\u00f3n 1.5.5, permite a atacantes remotos ejecutar c\u00f3digo arbitrario en los archivos plugins/ExtendedFileManager/manager.php y plugins/ImageManager/manager.php."
    }
  ],
  "id": "CVE-2011-1135",
  "lastModified": "2024-11-21T01:25:37.897",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-05T21:15:10.853",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-1135"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-1135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-16 04:29
Modified
2024-11-21 02:44
Summary
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
References
cve@mitre.org: https://www.exploit-db.com/exploits/40650 (Exploit, Third Party Advisory, VDB Entry)
af854a3a-2127-422b-91ae-364da2661108: https://www.exploit-db.com/exploits/40650 (Exploit, Third Party Advisory, VDB Entry)
Impacted products
Vendor Product Version
s9y serendipity 2.0.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "33992EC4-1E16-4A2D-9913-C7A6EE4C691E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter."
    },
    {
      "lang": "es",
      "value": "Serendipity 2.0.4 tiene Cross-Site Scripting (XSS) mediante el par\u00e1metro serendipity[body] en serendipity_admin.php."
    }
  ],
  "id": "CVE-2016-10737",
  "lastModified": "2024-11-21T02:44:37.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-16T04:29:00.247",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/40650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/40650"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-24 16:30
Modified
2024-11-21 01:09
Severity ?
Summary
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of these details are obtained from third party information.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F0F5F27E-C1FB-4E45-AAD4-4E9DE2589A3C",
              "versionEndIncluding": "1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2DCAE37-B4E9-490E-B441-CA6DD4DBBE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5:pl1:*:*:*:*:*:*",
              "matchCriteriaId": "5A65D59D-DDFF-4551-987C-D449A4C6F57A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E7930F0-59AD-45D6-B79D-92DB88EFF4D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:pl3:*:*:*:*:*:*",
              "matchCriteriaId": "894A8EF2-0014-49CB-9947-65E1C3CDE0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FF146-8CEF-48C8-81A3-08B4736DC27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5986FA95-D0F8-4E41-A445-F2F0EFEE872A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A4B77F-67DC-4D25-8948-0C0B59C38E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24AD8E2-AEB7-4D73-9B15-AE0B293A0825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5193D1-4BB6-4B2C-8361-BA1C7BE7524B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B62B695-74A2-49AA-87EF-38F129A94755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4ACB96-F32D-40E2-A9F3-A3CD78658C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B027CFC-5E0E-45D3-82BC-8F59F386D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C6CB12-9D14-4D5C-8FC0-02179436B487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D55BCF-58D1-48D8-9BA2-2884F6126F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C38FD28F-ACEA-4F2D-9CD8-A35349FCF9ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "707176E4-B735-4A6A-AC7D-01250663D25D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0132EF3F-F9D8-4CEC-A774-4929B4DE6E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2217392-37F3-4CC6-85DE-33CB8841814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "706E7CF6-C396-4A19-B87C-05BA8C8D9EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C422BF-FBDE-4DD2-BB55-868B19890479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E92848-05FA-45EE-BD8A-98E337131892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96AD0492-E4D4-4A43-80EF-5F38F62DFF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B176479-5EFB-4943-801A-676B74C04DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68BD0B3-FB77-4288-93F4-2E018789D858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6CE765-5EA9-4E38-8EB4-2913CEBE5F44",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de subida de ficheros sin restricciones en Serendipity anterior a v1.5 permite a usuarios autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n por carga de un fichero con una extensi\u00f3n ejecutable seguida por una extensi\u00f3n segura, luego accede a \u00e9l a trav\u00e9s de una petici\u00f3n directa en un archivo en un directorio no especificado. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2009-4412",
  "lastModified": "2024-11-21T01:09:35.007",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-24T16:30:00.360",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.s9y.org/archives/211-Serendipity-1.5-released.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/61245"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37830"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2009/12/21/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3626"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.s9y.org/archives/211-Serendipity-1.5-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/61245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2009/12/21/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54985"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-09-24 00:55
Modified
2024-11-21 01:31
Severity ?
Summary
Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files.
Impacted products
Vendor Product Version
s9y serendipity 1.5.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0276D632-867C-47DF-B377-DCCA7A25030C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files."
    },
    {
      "lang": "es",
      "value": "Serendipity v1.5.5 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con templates/newspaper/layout.php y algunos otros archivos."
    }
  ],
  "id": "CVE-2011-3800",
  "lastModified": "2024-11-21T01:31:17.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-09-24T00:55:03.207",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/serendipity-1.5.5"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/serendipity-1.5.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.
Impacted products
Vendor Product Version
s9y serendipity 0.3
s9y serendipity 0.4
s9y serendipity 0.5_pl1
s9y serendipity 0.6_pl3
s9y serendipity 0.7
s9y serendipity 0.7.1
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta2
s9y serendipity 0.7_beta3
s9y serendipity 0.7_beta4
s9y serendipity 0.7_rc1
s9y serendipity 0.8_beta_5
s9y serendipity 0.8_beta_6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C28957-2724-406D-BAD4-DDCDE8CFA843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE669F3-75FA-4237-8424-109FE52F59ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "18814B9C-FE3E-4BB4-99E5-E3A88666B0F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80A9CDA-C3E2-474F-8E43-440C72B0E8E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15CFA451-FFD4-452D-A744-5FDA80379BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta_5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F7D7B6-21E6-4E68-B37C-F0198B6A1A2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta_6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C352E0E-D115-495F-BFF9-9FDDFA7C636A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files."
    }
  ],
  "id": "CVE-2005-1451",
  "lastModified": "2024-11-20T23:57:22.773",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-03T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/15145"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/15878"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.s9y.org/63.html#A9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/15145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/15878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.s9y.org/63.html#A9"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-11-26 05:15
Modified
2024-11-21 01:31
Summary
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC79E35C-C6EA-4048-9106-12635DD9CEC0",
              "versionEndExcluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation."
    },
    {
      "lang": "es",
      "value": "Serendipity versiones anteriores a 1.6, presenta un problema de tipo XSS en el plugin karma que puede permitir una escalada de privilegios."
    }
  ],
  "id": "CVE-2011-4090",
  "lastModified": "2024-11-21T01:31:49.547",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-26T05:15:12.977",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2011-4090"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/oss-sec/2011/q4/176"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2011-4090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/oss-sec/2011/q4/176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-06-07 19:55
Modified
2024-11-21 01:39
Severity ?
Summary
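SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. (Note: the CPE configuration in this record marks versions up to and including 1.6.1 as vulnerable, and the vendor reference is the 1.6.2 release announcement, so 1.6.2 appears to be the fixed release rather than an affected one; confirm against the vendor advisory before scoping.)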



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8EB9959-D4F4-4895-9F4A-A39A3CF928A1",
              "versionEndIncluding": "1.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FF146-8CEF-48C8-81A3-08B4736DC27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5986FA95-D0F8-4E41-A445-F2F0EFEE872A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A4B77F-67DC-4D25-8948-0C0B59C38E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24AD8E2-AEB7-4D73-9B15-AE0B293A0825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5193D1-4BB6-4B2C-8361-BA1C7BE7524B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B62B695-74A2-49AA-87EF-38F129A94755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4ACB96-F32D-40E2-A9F3-A3CD78658C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B027CFC-5E0E-45D3-82BC-8F59F386D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C6CB12-9D14-4D5C-8FC0-02179436B487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D55BCF-58D1-48D8-9BA2-2884F6126F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "707176E4-B735-4A6A-AC7D-01250663D25D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0132EF3F-F9D8-4CEC-A774-4929B4DE6E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2217392-37F3-4CC6-85DE-33CB8841814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "706E7CF6-C396-4A19-B87C-05BA8C8D9EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C422BF-FBDE-4DD2-BB55-868B19890479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E92848-05FA-45EE-BD8A-98E337131892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96AD0492-E4D4-4A43-80EF-5F38F62DFF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B176479-5EFB-4943-801A-676B74C04DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68BD0B3-FB77-4288-93F4-2E018789D858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6CE765-5EA9-4E38-8EB4-2913CEBE5F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A8DDF5-F344-4810-AAFA-31085CC8ED01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8058BE3F-6C1E-4B6D-922D-909022D897CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE5B0BC-C4CC-4B2C-AF6F-44E1680316CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF273FA-FBAE-416B-A7C6-248A73796485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0276D632-867C-47DF-B377-DCCA7A25030C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD3D0674-7B1B-4250-8D02-DBAB80FD4B5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en include/functions_trackbacks.inc.php en Serendipity v1.6.2 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro URL en comment.php."
    }
  ],
  "id": "CVE-2012-2762",
  "lastModified": "2024-11-21T01:39:35.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-07T19:55:09.837",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49234"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/82036"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/53620"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1027079"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75760"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/s9y/Serendipity/commit/87153991d06bc18fe4af05f97810487c4a340a92#diff-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.htbridge.com/advisory/HTB23092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/82036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53620"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/s9y/Serendipity/commit/87153991d06bc18fe4af05f97810487c4a340a92#diff-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.htbridge.com/advisory/HTB23092"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-08-13 23:55
Modified
2024-11-21 01:38
Severity ?
Summary
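Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). (Note: the CPE configuration in this record also lists 1.6.1 itself as vulnerable, which disagrees with "before 1.6.1"; check the vendor's 1.6.1 release notes when deciding whether an installation is affected.)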
References
secalert@redhat.com | http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html
secalert@redhat.com | http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
secalert@redhat.com | http://secunia.com/advisories/49009 | Vendor Advisory
secalert@redhat.com | http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt | Exploit
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/05/08/6
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/05/09/2
secalert@redhat.com | http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html | Exploit
secalert@redhat.com | http://www.securityfocus.com/bid/53418 | Exploit
secalert@redhat.com | https://github.com/s9y/Serendipity/commit/264bf55719baacc069ff9d3cc35f0c349cde11e3 | Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html
af854a3a-2127-422b-91ae-364da2661108 | http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49009 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/05/08/6
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/05/09/2
af854a3a-2127-422b-91ae-364da2661108 | http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/53418 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/s9y/Serendipity/commit/264bf55719baacc069ff9d3cc35f0c349cde11e3 | Exploit, Patch



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCC3C0E3-1F0C-41AA-BE48-AB46CA35D4BE",
              "versionEndIncluding": "1.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FF146-8CEF-48C8-81A3-08B4736DC27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5986FA95-D0F8-4E41-A445-F2F0EFEE872A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A4B77F-67DC-4D25-8948-0C0B59C38E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24AD8E2-AEB7-4D73-9B15-AE0B293A0825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5193D1-4BB6-4B2C-8361-BA1C7BE7524B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B62B695-74A2-49AA-87EF-38F129A94755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4ACB96-F32D-40E2-A9F3-A3CD78658C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B027CFC-5E0E-45D3-82BC-8F59F386D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C6CB12-9D14-4D5C-8FC0-02179436B487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D55BCF-58D1-48D8-9BA2-2884F6126F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "707176E4-B735-4A6A-AC7D-01250663D25D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0132EF3F-F9D8-4CEC-A774-4929B4DE6E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2217392-37F3-4CC6-85DE-33CB8841814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "706E7CF6-C396-4A19-B87C-05BA8C8D9EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C422BF-FBDE-4DD2-BB55-868B19890479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E92848-05FA-45EE-BD8A-98E337131892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96AD0492-E4D4-4A43-80EF-5F38F62DFF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B176479-5EFB-4943-801A-676B74C04DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68BD0B3-FB77-4288-93F4-2E018789D858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6CE765-5EA9-4E38-8EB4-2913CEBE5F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A8DDF5-F344-4810-AAFA-31085CC8ED01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8058BE3F-6C1E-4B6D-922D-909022D897CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE5B0BC-C4CC-4B2C-AF6F-44E1680316CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF273FA-FBAE-416B-A7C6-248A73796485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0276D632-867C-47DF-B377-DCCA7A25030C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F45A97DF-79AD-416A-A682-06264E077C5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter.  NOTE: this issue might be resultant from cross-site request forgery (CSRF)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Serendipity/serendipity_admin_image_selector.php en Serendipity antes de v1.6.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro serendipity[textarea]. NOTA: este problema podr\u00eda ser resultante de una falsificaci\u00f3n de solicitudes en sitios cruzados(CSRF).\r\n"
    }
  ],
  "id": "CVE-2012-2331",
  "lastModified": "2024-11-21T01:38:54.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-08-13T23:55:02.757",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49009"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/08/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/09/2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/53418"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/s9y/Serendipity/commit/264bf55719baacc069ff9d3cc35f0c349cde11e3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/08/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/09/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/53418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/s9y/Serendipity/commit/264bf55719baacc069ff9d3cc35f0c349cde11e3"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-01-14 07:59
Modified
2024-11-21 03:27
Summary
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8C50710-D1C1-4D98-8905-2331437E2C29",
              "versionEndIncluding": "2.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin."
    },
    {
      "lang": "es",
      "value": "Serendipity hasta la versi\u00f3n 2.0.5 permite CSRF para la instalaci\u00f3n de un plugin de evento o un plugin de barra lateral."
    }
  ],
  "id": "CVE-2017-5476",
  "lastModified": "2024-11-21T03:27:42.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-14T07:59:00.293",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95659"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/s9y/Serendipity/issues/439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/s9y/Serendipity/issues/439"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
Impacted products
Vendor Product Version
s9y serendipity 0.7_beta1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C28957-2724-406D-BAD4-DDCDE8CFA843",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php."
    }
  ],
  "id": "CVE-2004-2158",
  "lastModified": "2024-11-20T23:52:38.493",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12673/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1011448"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/10370"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/10371"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11269"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12673/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1011448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/10370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/10371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17533"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-10-04 22:02
Modified
2024-11-21 00:01
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB43FCB-33D2-459B-B95C-70451E779520",
              "versionEndIncluding": "0.8.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php."
    }
  ],
  "id": "CVE-2005-3129",
  "lastModified": "2024-11-21T00:01:11.053",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2005-10-04T22:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037580.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=112801570631203\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17011/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037580.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=112801570631203\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17011/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22456"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-25 17:59
Modified
2024-11-21 03:01
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B92E31B-BBE7-4C4B-9369-EBDD59B9D34D",
              "versionEndIncluding": "2.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en Serendipity en versiones anteriores a 2.0.5 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un nombre de categor\u00eda o directorio."
    }
  ],
  "id": "CVE-2016-9681",
  "lastModified": "2024-11-21T03:01:36.100",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-25T17:59:00.137",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95095"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/commit/e2a665e13b7de82a71c9bbb77575d15131b722be"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://smarterbitbybit.com/cve-2016-9681-serendipity-cms-xss-vulnerability-in-version-2-0-4/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/s9y/Serendipity/commit/e2a665e13b7de82a71c9bbb77575d15131b722be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://smarterbitbybit.com/cve-2016-9681-serendipity-cms-xss-vulnerability-in-version-2-0-4/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-04-23 13:05
Modified
2024-11-21 00:44
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C68AE2-6841-4FF8-BECB-6381224C2C3E",
              "versionEndIncluding": "1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FF146-8CEF-48C8-81A3-08B4736DC27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5986FA95-D0F8-4E41-A445-F2F0EFEE872A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A4B77F-67DC-4D25-8948-0C0B59C38E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24AD8E2-AEB7-4D73-9B15-AE0B293A0825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5193D1-4BB6-4B2C-8361-BA1C7BE7524B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B62B695-74A2-49AA-87EF-38F129A94755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4ACB96-F32D-40E2-A9F3-A3CD78658C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B027CFC-5E0E-45D3-82BC-8F59F386D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C6CB12-9D14-4D5C-8FC0-02179436B487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D55BCF-58D1-48D8-9BA2-2884F6126F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "707176E4-B735-4A6A-AC7D-01250663D25D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0132EF3F-F9D8-4CEC-A774-4929B4DE6E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2217392-37F3-4CC6-85DE-33CB8841814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "706E7CF6-C396-4A19-B87C-05BA8C8D9EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C422BF-FBDE-4DD2-BB55-868B19890479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E92848-05FA-45EE-BD8A-98E337131892",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en el plugin Top Referers (tambi\u00e9n conocido como referrer) de Serendipity (S9Y) anterior a 1.3.1 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de una cabecera HTTP Referer."
    }
  ],
  "id": "CVE-2008-1385",
  "lastModified": "2024-11-21T00:44:25.370",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-23T13:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://int21.de/cve/CVE-2008-1385-s9y.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29942"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28885"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019915"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1348/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://int21.de/cve/CVE-2008-1385-s9y.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1348/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41965"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-09-16 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5D005EE-D639-44A8-9522-DED5F5099B6E",
              "versionEndIncluding": "2.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de lista negra incompleta en la funci\u00f3n serendipity_isActiveFile en include/functions_images.inc.php en Serendipity en versiones anteriores a 2.0.2, permite a usuarios remotos autenticados ejecutar c\u00f3digo PHP arbitrario mediante la carga de un archivo con una extensi\u00f3n (1) .pht o (2) .phtml."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/434.html\"\u003eCWE-434: Unrestricted Upload of File with Dangerous Type\u003c/a\u003e",
  "id": "CVE-2015-6968",
  "lastModified": "2024-11-21T02:35:57.677",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-16T14:59:10.150",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.curesec.com/article/blog/Serendipity-201-Code-Execution-48.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/133426/Serendipity-2.0.1-Shell-Upload.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Sep/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.curesec.com/article/blog/Serendipity-201-Code-Execution-48.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/265-Serendipity-2.0.2-Security-Fix-Release.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/133426/Serendipity-2.0.1-Shell-Upload.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Sep/6"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-12 19:59
Modified
2024-11-21 02:38
Summary
Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php.
Impacted products
Vendor Product Version
s9y serendipity *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6A30A68-980A-451B-9A09-1138A84BEADC",
              "versionEndIncluding": "2.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an \"edit\" admin action to serendipity_admin.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Serendipity en versiones anteriores a 2.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro serendipity[entry_id] en una acci\u00f3n de admin \"edit\" para serendipity_admin.php."
    }
  ],
  "evaluatorComment": "Per http://blog.s9y.org/archives/266-Serendipity-2.0.3-released.html:\n\"The issue only affects logged-in authors, where HTML can be inserted into the comment editing form when they click specially crafted links.Due to the required authentication we consider the issue of medium impact, but suggest everyone to perform the update.\"",
  "id": "CVE-2015-8603",
  "lastModified": "2024-11-21T02:38:47.917",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-12T19:59:12.240",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/266-Serendipity-2.0.3-released.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/135164/Serendipity-2.0.2-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2016/Jan/18"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/537248/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.s9y.org/archives/266-Serendipity-2.0.3-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/135164/Serendipity-2.0.2-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2016/Jan/18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/537248/100/0/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-05-12 11:46
Modified
2024-11-21 01:15
Severity ?
Summary
The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin.
References
cve@mitre.org http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html
cve@mitre.org http://secunia.com/advisories/39782
cve@mitre.org http://secunia.com/advisories/40124
cve@mitre.org http://trac.xinha.org/ticket/1518
cve@mitre.org http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html Exploit
cve@mitre.org http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html Exploit
cve@mitre.org http://www.securityfocus.com/bid/40033
cve@mitre.org http://www.vupen.com/english/advisories/2010/1401
cve@mitre.org https://bugzilla.redhat.com/show_bug.cgi?id=591701
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/39782
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/40124
af854a3a-2127-422b-91ae-364da2661108 http://trac.xinha.org/ticket/1518
af854a3a-2127-422b-91ae-364da2661108 http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html Exploit
af854a3a-2127-422b-91ae-364da2661108 http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html Exploit
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/40033
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/1401
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=591701



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xinha:wysiwyg_editor:0.9:beta:*:*:*:*:*:*",
              "matchCriteriaId": "FC6539B7-3759-4BEC-A41E-963C639F3D92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xinha:wysiwyg_editor:0.91:beta:*:*:*:*:*:*",
              "matchCriteriaId": "E49B705C-DE5F-4DB5-96C6-3AA33B172A8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xinha:wysiwyg_editor:0.92:beta:*:*:*:*:*:*",
              "matchCriteriaId": "E63C90F4-78A4-4532-B85C-C619FC803F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xinha:wysiwyg_editor:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F303DC9-EDA4-4E99-8B8B-A1867F125A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xinha:wysiwyg_editor:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "E71A44B7-ADFA-4E2C-8744-DD55DE409ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xinha:wysiwyg_editor:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B59CDE-D0CE-42D5-9221-22F7B55BA4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xinha:wysiwyg_editor:0.96:beta:*:*:*:*:*:*",
              "matchCriteriaId": "0D96327E-17D2-4100-A9A6-BC5741FC5125",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xinha:wysiwyg_editor:0.96:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "25254A30-6E90-4232-9D68-491E0BB06141",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5:pl1:*:*:*:*:*:*",
              "matchCriteriaId": "5A65D59D-DDFF-4551-987C-D449A4C6F57A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:pl3:*:*:*:*:*:*",
              "matchCriteriaId": "894A8EF2-0014-49CB-9947-65E1C3CDE0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FF146-8CEF-48C8-81A3-08B4736DC27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5986FA95-D0F8-4E41-A445-F2F0EFEE872A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A4B77F-67DC-4D25-8948-0C0B59C38E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24AD8E2-AEB7-4D73-9B15-AE0B293A0825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5193D1-4BB6-4B2C-8361-BA1C7BE7524B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B62B695-74A2-49AA-87EF-38F129A94755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4ACB96-F32D-40E2-A9F3-A3CD78658C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B027CFC-5E0E-45D3-82BC-8F59F386D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C6CB12-9D14-4D5C-8FC0-02179436B487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D55BCF-58D1-48D8-9BA2-2884F6126F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "707176E4-B735-4A6A-AC7D-01250663D25D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0132EF3F-F9D8-4CEC-A774-4929B4DE6E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2217392-37F3-4CC6-85DE-33CB8841814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "706E7CF6-C396-4A19-B87C-05BA8C8D9EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C422BF-FBDE-4DD2-BB55-868B19890479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E92848-05FA-45EE-BD8A-98E337131892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96AD0492-E4D4-4A43-80EF-5F38F62DFF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B176479-5EFB-4943-801A-676B74C04DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68BD0B3-FB77-4288-93F4-2E018789D858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6CE765-5EA9-4E38-8EB4-2913CEBE5F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE962E7C-08A3-44E4-B06D-E00A03C3DB16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A8DDF5-F344-4810-AAFA-31085CC8ED01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8058BE3F-6C1E-4B6D-922D-909022D897CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the \"Deprecated config passing\" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function.  NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de configuraci\u00f3n din\u00e1mica del editor Xinha WYSIWYG v0.96 Beta 2 y anteriores, como la utilizada en Serendipity v1.5.2 y anteriores, permite a atacantes remotos evitar las restricciones de acceso pretendidas y modificar la configuraci\u00f3n de complementos -plugins- de su elecci\u00f3n mediante (1) los par\u00e1metros modificados backend_config_secret_key_location y backend_config_hash que se utilizan en un hash SHA1 de un secreto compartido que pueden ser conocidos o influenciados externamente, los cuales no son manejados adecuadamente por la funcionalidad \"Deprecated config passing\"; o (2) las variables manipuladas backend_data y backend_data[key_location], las cuales no son manejadas adecuadamente por la funci\u00f3n xinha_read_passed_data. NOTA: Esto puede ser aprovechado para subir y puede que ejecutar los ficheros que se deseen mediante el fichero config.inc.php del complemento ImageManager plugin."
    }
  ],
  "id": "CVE-2010-1916",
  "lastModified": "2024-11-21T01:15:27.593",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-05-12T11:46:40.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/39782"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/40124"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://trac.xinha.org/ticket/1518"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/40033"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1401"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/40124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://trac.xinha.org/ticket/1518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/40033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591701"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-04-23 13:05
Modified
2024-11-21 00:44
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field. NOTE: the timing window for exploitation of this issue might be limited.
Impacted products
Vendor Product Version
s9y serendipity 1.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96AD0492-E4D4-4A43-80EF-5F38F62DFF25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary web script or HTML via (1) unspecified path fields or (2) the database host field.  NOTE: the timing window for exploitation of this issue might be limited."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados en el instalador de Serendepity (S9Y) 1.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) campos de ruta sin especificar o (2) el campo \"host\" de la base de datos. NOTA: la ventana de tiempo para vulnerar esta caracter\u00edstica podr\u00eda estar limitada."
    }
  ],
  "id": "CVE-2008-1386",
  "lastModified": "2024-11-21T00:44:25.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-23T13:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://int21.de/cve/CVE-2008-1386-s9y.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28885"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019915"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1348/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0590.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://int21.de/cve/CVE-2008-1386-s9y.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/491176/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1348/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41967"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
Impacted products
Vendor Product Version
s9y serendipity 0.7_beta1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C28957-2724-406D-BAD4-DDCDE8CFA843",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field."
    }
  ],
  "id": "CVE-2004-2157",
  "lastModified": "2024-11-20T23:52:38.333",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12673/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1011448"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11269"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12673/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1011448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17536"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-17 05:29
Modified
2024-11-21 03:04
Summary
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
Impacted products
Vendor Product Version
s9y serendipity 2.0.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1A04581-75DE-43E4-9BF4-04431DD3D3F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure"
    },
    {
      "lang": "es",
      "value": "Serendipity 2.0.3 es vulnerable a una inyecci\u00f3n de SQL en el componente blog, lo que resulta en una divulgaci\u00f3n de informaci\u00f3n."
    }
  ],
  "id": "CVE-2017-1000129",
  "lastModified": "2024-11-21T03:04:14.003",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-17T05:29:00.250",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/269-Serendipity-2.0.4-and-2.1-beta2-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.s9y.org/archives/269-Serendipity-2.0.4-and-2.1-beta2-released.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-12-11 20:46
Modified
2024-11-21 00:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.
References
cve@mitre.org http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html
cve@mitre.org http://osvdb.org/39143
cve@mitre.org http://secunia.com/advisories/28012 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/29502
cve@mitre.org http://securityreason.com/securityalert/3437
cve@mitre.org http://www.debian.org/security/2008/dsa-1528
cve@mitre.org http://www.int21.de/cve/CVE-2007-6205-s9y.html Exploit
cve@mitre.org http://www.securityfocus.com/archive/1/484800/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/26783 Patch
cve@mitre.org http://www.vupen.com/english/advisories/2007/4171
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/38947
af854a3a-2127-422b-91ae-364da2661108 http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/39143
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28012 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/29502
af854a3a-2127-422b-91ae-364da2661108 http://securityreason.com/securityalert/3437
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2008/dsa-1528
af854a3a-2127-422b-91ae-364da2661108 http://www.int21.de/cve/CVE-2007-6205-s9y.html Exploit
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/484800/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/26783 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/4171
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/38947
Impacted products
Vendor Product Version
s9y serendipity 0.3
s9y serendipity 0.4
s9y serendipity 0.5
s9y serendipity 0.5_pl1
s9y serendipity 0.6
s9y serendipity 0.6_pl1
s9y serendipity 0.6_pl2
s9y serendipity 0.6_pl3
s9y serendipity 0.6_rc1
s9y serendipity 0.6_rc2
s9y serendipity 0.7
s9y serendipity 0.7.1
s9y serendipity 0.7_beta1
s9y serendipity 0.7_beta2
s9y serendipity 0.7_beta3
s9y serendipity 0.7_beta4
s9y serendipity 0.7_rc1
s9y serendipity 0.8
s9y serendipity 0.8.1
s9y serendipity 0.8.2
s9y serendipity 0.8.3
s9y serendipity 0.8.4
s9y serendipity 0.8.5
s9y serendipity 0.8_beta_5
s9y serendipity 0.8_beta_6
s9y serendipity 0.8_beta5
s9y serendipity 0.8_beta6
s9y serendipity 0.9
s9y serendipity 0.9.1
s9y serendipity 1.0.3
s9y serendipity 1.0.4
s9y serendipity 1.0_beta1
s9y serendipity 1.0_beta2
s9y serendipity 1.0_beta3
s9y serendipity 1.1.1
s9y serendipity 1.1.3
s9y serendipity 1.1.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "62233D77-9838-48AB-9A2D-F4EAA9E237EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6F23BF-1C25-4A5E-9EC4-35A1A821A235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2DCAE37-B4E9-490E-B441-CA6DD4DBBE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E7512-FDB5-45F2-80B2-9BDAB856E856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E7930F0-59AD-45D6-B79D-92DB88EFF4D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75786060-F4F7-4491-8239-2081EBD3AE34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "742C3558-301D-4930-859F-7A8AAC231689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BAFBFFE-DCBB-460A-9E43-9CC5A1046755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "41A56925-4CE9-4843-94BE-E35DBF6CFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.6_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "785115A5-380A-462E-88F6-718320DD7E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "925A50B9-0CEF-42FF-8359-52BAFB4FEBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739BCD2-1722-42E0-9560-752DBBF05BC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C28957-2724-406D-BAD4-DDCDE8CFA843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE669F3-75FA-4237-8424-109FE52F59ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "18814B9C-FE3E-4BB4-99E5-E3A88666B0F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80A9CDA-C3E2-474F-8E43-440C72B0E8E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.7_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15CFA451-FFD4-452D-A744-5FDA80379BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7515A9A-1FD0-484E-97CB-5969729804DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A451C0-D4D8-43FF-BFC9-E525138DCA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1F8976-0691-4C47-9BA3-BC01BA808BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2FF146-8CEF-48C8-81A3-08B4736DC27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5986FA95-D0F8-4E41-A445-F2F0EFEE872A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A4B77F-67DC-4D25-8948-0C0B59C38E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta_5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F7D7B6-21E6-4E68-B37C-F0198B6A1A2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta_6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C352E0E-D115-495F-BFF9-9FDDFA7C636A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F29716C7-2882-4B69-A4F8-BDBF0FB9CF88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.8_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A455F8B9-8A31-4BF1-895B-5D4579BE9C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24AD8E2-AEB7-4D73-9B15-AE0B293A0825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE7E31-9C42-434E-B1B7-F38966514405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B027CFC-5E0E-45D3-82BC-8F59F386D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C6CB12-9D14-4D5C-8FC0-02179436B487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B618E746-146D-4FAC-B64F-F31447F821F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CF5283A-C29F-47FC-BC9B-6F521A2A12C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.0_beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CDB172B-17ED-4984-BBCD-91411967FC42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "707176E4-B735-4A6A-AC7D-01250663D25D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2217392-37F3-4CC6-85DE-33CB8841814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:s9y:serendipity:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "706E7CF6-C396-4A19-B87C-05BA8C8D9EE9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en el a\u00f1adido del lector RSS remoto de la barra lateral (serendipity_plugin_remoterss) en S9Y Serendipity before 1.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un enlace en un alimentador RSS."
    }
  ],
  "id": "CVE-2007-6205",
  "lastModified": "2024-11-21T00:39:36.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-12-11T20:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/39143"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29502"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3437"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1528"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.int21.de/cve/CVE-2007-6205-s9y.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/484800/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26783"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4171"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.s9y.org/archives/187-Serendipity-1.2.1-released.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/39143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.int21.de/cve/CVE-2007-6205-s9y.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/484800/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38947"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}