Vulnerabilities related to serendipity - serendipity
cve-2007-1326
Vulnerability from cvelistv5
Published
2007-03-07 21:00
Modified
2024-08-07 12:50
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/32768 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/461671/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://osvdb.org/34935 | vdb-entry, x_refsource_OSVDB | |
http://securityreason.com/securityalert/2383 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:35.260Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "serendipity-index-sql-injection(32768)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768" }, { "name": "20070301 Serendipity unauthenticated SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded" }, { "name": "34935", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/34935" }, { "name": "2383", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2383" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "serendipity-index-sql-injection(32768)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768" }, { "name": "20070301 Serendipity unauthenticated SQL-Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded" }, { "name": "34935", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/34935" }, { "name": "2383", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2383" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "serendipity-index-sql-injection(32768)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768" }, { "name": "20070301 Serendipity unauthenticated SQL-Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded" }, { "name": "34935", "refsource": "OSVDB", "url": "http://osvdb.org/34935" }, { "name": "2383", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2383" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1326", "datePublished": "2007-03-07T21:00:00", "dateReserved": "2007-03-07T00:00:00", "dateUpdated": "2024-08-07T12:50:35.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-6390
Vulnerability from cvelistv5
Published
2007-12-17 18:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/28152 | third-party-advisory, x_refsource_SECUNIA | |
http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/26955 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:02:36.872Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "28152", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28152" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html" }, { "name": "26955", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26955" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-12-25T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "28152", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28152" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html" }, { "name": "26955", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26955" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6390", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "28152", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28152" }, { "name": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html", "refsource": "MISC", "url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html" }, { "name": "26955", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26955" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6390", "datePublished": "2007-12-17T18:00:00", "dateReserved": "2007-12-17T00:00:00", "dateUpdated": "2024-08-07T16:02:36.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4282
Vulnerability from cvelistv5
Published
2007-08-09 21:00
Modified
2024-08-07 14:46
Severity ?
EPSS score ?
Summary
The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/25235 | vdb-entry, x_refsource_BID | |
http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html | x_refsource_MISC | |
http://secunia.com/advisories/26347 | third-party-advisory, x_refsource_SECUNIA | |
http://sourceforge.net/project/shownotes.php?group_id=75065&release_id=530716 | x_refsource_CONFIRM | |
http://osvdb.org/36534 | vdb-entry, x_refsource_OSVDB | |
http://sourceforge.net/forum/forum.php?forum_id=722867 | x_refsource_CONFIRM | |
http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/35868 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:46:39.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25235", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25235" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html" }, { "name": "26347", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26347" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716" }, { "name": "36534", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/36534" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/forum/forum.php?forum_id=722867" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html" }, { "name": "serendipity-extendedprop-security-bypass(35868)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25235", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25235" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html" }, { "name": "26347", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26347" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716" }, { "name": "36534", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/36534" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/forum/forum.php?forum_id=722867" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html" }, { "name": "serendipity-extendedprop-security-bypass(35868)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4282", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity 
Frontend\" via a certain request that modifies the password being checked." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25235", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25235" }, { "name": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html", "refsource": "MISC", "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html" }, { "name": "26347", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26347" }, { "name": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716" }, { "name": "36534", "refsource": "OSVDB", "url": "http://osvdb.org/36534" }, { "name": "http://sourceforge.net/forum/forum.php?forum_id=722867", "refsource": "CONFIRM", "url": "http://sourceforge.net/forum/forum.php?forum_id=722867" }, { "name": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released,-security-bug-in-entryproperties-plugin.html", "refsource": "CONFIRM", "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released,-security-bug-in-entryproperties-plugin.html" }, { "name": "serendipity-extendedprop-security-bypass(35868)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4282", "datePublished": "2007-08-09T21:00:00", "dateReserved": "2007-08-09T00:00:00", "dateUpdated": "2024-08-07T14:46:39.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5499
Vulnerability from cvelistv5
Published
2006-10-25 10:00
Modified
2024-08-07 19:55
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/449189/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://securityreason.com/securityalert/1771 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/bid/20627 | vdb-entry, x_refsource_BID | |
http://www.osvdb.org/29893 | vdb-entry, x_refsource_OSVDB | |
http://www.hardened-php.net/advisory_112006.136.html | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/29695 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/22501 | third-party-advisory, x_refsource_SECUNIA | |
http://securitytracker.com/id?1017100 | vdb-entry, x_refsource_SECTRACK | |
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html | mailing-list, x_refsource_FULLDISC | |
http://www.s9y.org/forums/viewtopic.php?t=7356 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2006/4135 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:55:52.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded" }, { "name": "1771", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1771" }, { "name": "20627", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20627" }, { "name": "29893", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/29893" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hardened-php.net/advisory_112006.136.html" }, { "name": "serendipity-admin-xss(29695)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695" }, { "name": "22501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22501" }, { "name": "1017100", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017100" }, { "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.s9y.org/forums/viewtopic.php?t=7356" }, { "name": "ADV-2006-4135", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4135" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": 
"affected", "version": "n/a" } ] } ], "datePublic": "2006-10-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded" }, { "name": "1771", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1771" }, { "name": "20627", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20627" }, { "name": "29893", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/29893" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hardened-php.net/advisory_112006.136.html" }, { "name": "serendipity-admin-xss(29695)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695" }, { "name": "22501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22501" }, { "name": "1017100", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017100" }, { "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.s9y.org/forums/viewtopic.php?t=7356" }, { "name": "ADV-2006-4135", "tags": [ 
"vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4135" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5499", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded" }, { "name": "1771", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1771" }, { "name": "20627", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20627" }, { "name": "29893", "refsource": "OSVDB", "url": "http://www.osvdb.org/29893" }, { "name": "http://www.hardened-php.net/advisory_112006.136.html", "refsource": "MISC", "url": "http://www.hardened-php.net/advisory_112006.136.html" }, { "name": "serendipity-admin-xss(29695)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695" }, { "name": "22501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22501" }, { "name": "1017100", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017100" }, { "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities", "refsource": "FULLDISC", "url": 
"http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html" }, { "name": "http://www.s9y.org/forums/viewtopic.php?t=7356", "refsource": "CONFIRM", "url": "http://www.s9y.org/forums/viewtopic.php?t=7356" }, { "name": "ADV-2006-4135", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4135" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5499", "datePublished": "2006-10-25T10:00:00", "dateReserved": "2006-10-24T00:00:00", "dateUpdated": "2024-08-07T19:55:52.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4090
Vulnerability from cvelistv5
Published
2019-11-26 04:09
Modified
2024-08-06 23:53
Severity ?
EPSS score ?
Summary
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
References
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2011-4090 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2011-4090 | x_refsource_MISC | |
https://seclists.org/oss-sec/2011/q4/176 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
serendipity | serendipity |
Version: before 1.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:53:32.642Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2011-4090" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://seclists.org/oss-sec/2011/q4/176" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "serendipity", "vendor": "serendipity", "versions": [ { "status": "affected", "version": "before 1.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-26T04:09:48", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2011-4090" }, { "tags": [ "x_refsource_MISC" ], "url": "https://seclists.org/oss-sec/2011/q4/176" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4090", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "serendipity", "version": { "version_data": [ { "version_value": "before 1.6" } ] } } ] }, "vendor_name": "serendipity" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2011-4090", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2011-4090" }, { "name": "https://access.redhat.com/security/cve/cve-2011-4090", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2011-4090" }, { "name": "https://seclists.org/oss-sec/2011/q4/176", "refsource": "MISC", "url": "https://seclists.org/oss-sec/2011/q4/176" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4090", "datePublished": "2019-11-26T04:09:48", "dateReserved": "2011-10-18T00:00:00", "dateUpdated": "2024-08-06T23:53:32.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1476
Vulnerability from cvelistv5
Published
2008-03-24 22:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/41343 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/29398 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2008/dsa-1528 | vendor-advisory, x_refsource_DEBIAN | |
http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/28298 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2008/0925/references | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/29502 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:24:41.805Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "serendipity-trackbacks-data-xss(41343)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343" }, { "name": "29398", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29398" }, { "name": "DSA-1528", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1528" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html" }, { "name": "28298", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28298" }, { "name": "ADV-2008-0925", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0925/references" }, { "name": "29502", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29502" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "serendipity-trackbacks-data-xss(41343)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343" }, { "name": "29398", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29398" }, { "name": "DSA-1528", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1528" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html" }, { "name": "28298", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28298" }, { "name": "ADV-2008-0925", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0925/references" }, { "name": "29502", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29502" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1476", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "serendipity-trackbacks-data-xss(41343)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343" }, { "name": "29398", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29398" }, { "name": "DSA-1528", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1528" }, { "name": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html", "refsource": "CONFIRM", "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html" }, { "name": "28298", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28298" }, { "name": "ADV-2008-0925", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0925/references" }, { "name": "29502", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29502" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1476", "datePublished": "2008-03-24T22:00:00", "dateReserved": "2008-03-24T00:00:00", "dateUpdated": "2024-08-07T08:24:41.805Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2006-10-25 10:07
Modified
2024-11-21 00:19
Severity: 6.8 MEDIUM (CVSS v2.0, AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
serendipity | serendipity | * (up to and including 1.0.1) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:serendipity:serendipity:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C8D2FF0-97FB-414D-96C6-86DD09CAAD1A", "versionEndIncluding": "1.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades en secuencias de comandos en sitios cruzados (XSS) en Serendipity (s9y) 1.0.1 y anteriores, permite a atacantes remotos la inyecci\u00f3n de secuencias de comandos Web o HTML de su elecci\u00f3n, a trav\u00e9s de vectores no especificados en la p\u00e1gina del administrador del gestor de media." } ], "id": "CVE-2006-5499", "lastModified": "2024-11-21T00:19:28.593", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-10-25T10:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22501" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1771" }, { "source": "cve@mitre.org", "url": 
"http://securitytracker.com/id?1017100" }, { "source": "cve@mitre.org", "url": "http://www.hardened-php.net/advisory_112006.136.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/29893" }, { "source": "cve@mitre.org", "url": "http://www.s9y.org/forums/viewtopic.php?t=7356" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20627" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4135" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.hardened-php.net/advisory_112006.136.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/29893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.s9y.org/forums/viewtopic.php?t=7356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-08-09 21:17
Modified
2024-11-21 00:35
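Severity: 5.0 MEDIUM (CVSS v2.0, AV:N/AC:L/Au:N/C:P/I:N/A:N; the vector records Au:N although the summary describes remote authenticated users)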
Summary
The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
serendipity | serendipity | 1.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:serendipity:serendipity:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "26AA8798-E46D-4F91-ABFF-B1842275D844", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked." }, { "lang": "es", "value": "La extensi\u00f3n de \"Propiedades extendidas de entrada\" (entryproperties) en el serendipity_event_entryproperties.php del Serendipity 1.1.3 permite a atacantes remotos autenticados, evitar la protecci\u00f3n de la contrase\u00f1a y \"establecer una configuraci\u00f3n de las entryproperties a medida en el Serendipity Frontend\" a trav\u00e9s de ciertas peticiones que modifican si la contrase\u00f1a ha sido validada." 
} ], "id": "CVE-2007-4282", "lastModified": "2024-11-21T00:35:13.553", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-08-09T21:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html" }, { "source": "cve@mitre.org", "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/36534" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26347" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/forum/forum.php?forum_id=722867" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25235" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36534" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/forum/forum.php?forum_id=722867" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-12-17 18:46
Modified
2024-11-21 00:40
Severity: 4.3 MEDIUM (CVSS v2.0, AV:N/AC:M/Au:N/C:N/I:P/A:N; user interaction required)
Summary
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
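serendipity | serendipity | * (up to and including 0.12; this bound appears to be the mycalendar plugin version from the summary, recorded under the Serendipity core CPE, so it should not be matched against Serendipity core versions) |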
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:serendipity:serendipity:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FE5C8B2-0669-41A6-9C03-15746EAD922D", "versionEndIncluding": "0.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el plugin mycalendar versiones anteriores a 0.13 para Serendipity, permite a los atacantes remotos realizar acciones como administradores de blogs, que pueden ser aprovechadas para conducir ataques de tipo cross-site scripting (XSS) en la p\u00e1gina blog." } ], "id": "CVE-2007-6390", "lastModified": "2024-11-21T00:40:02.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-12-17T18:46:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28152" }, { "source": "cve@mitre.org", "url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26955" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26955" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-24 22:44
Modified
2024-11-21 00:44
Severity: 4.3 MEDIUM (CVSS v2.0, AV:N/AC:M/Au:N/C:N/I:P/A:N; user interaction required)
Summary
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
serendipity | serendipity | * (up to and including 1.2.1) | |
serendipity | serendipity | 0.3 | |
serendipity | serendipity | 0.4 | |
serendipity | serendipity | 0.5_pl1 | |
serendipity | serendipity | 0.6_pl3 | |
serendipity | serendipity | 0.7 | |
serendipity | serendipity | 0.7.1 | |
serendipity | serendipity | 0.8 | |
serendipity | serendipity | 0.8.1 | |
serendipity | serendipity | 0.8.2 | |
serendipity | serendipity | 0.8.3 | |
serendipity | serendipity | 0.8.4 | |
serendipity | serendipity | 0.8.5 | |
serendipity | serendipity | 0.9 | |
serendipity | serendipity | 0.9.1 | |
serendipity | serendipity | 1.0 | |
serendipity | serendipity | 1.0.1 | |
serendipity | serendipity | 1.0.2 | |
serendipity | serendipity | 1.0.3 | |
serendipity | serendipity | 1.0.4 | |
serendipity | serendipity | 1.1 | |
serendipity | serendipity | 1.1.1 | |
serendipity | serendipity | 1.1.2 | |
serendipity | serendipity | 1.1.3 | |
serendipity | serendipity | 1.1.4 | |
serendipity | serendipity | 1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:serendipity:serendipity:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9A7F03F-B208-42CB-9C92-D6C91B5A0B63", "versionEndIncluding": "1.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1E76BF9-E517-4F90-8BF0-E9778ADB8EB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "CCD05A9E-1ADA-493A-8B4A-42CF6B0799B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.5_pl1:*:*:*:*:*:*:*", "matchCriteriaId": "BD95BE08-FE15-4003-A7A8-66ED5FFA1F75", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.6_pl3:*:*:*:*:*:*:*", "matchCriteriaId": "0B643749-7042-4E0E-AA43-B393067C689D", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "75E0E8DF-38CD-405C-AB70-915A03FD4990", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "65197FD8-6DA6-41F6-8187-9D76308D9E66", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "712D208E-D70C-48FF-BDA8-BDFB78415305", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "048A793F-A64E-486A-95CF-17DA2F6FBF56", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "7388332D-10CE-439A-AA1B-E03AA6786CEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "9F2BE6D0-0EA7-4764-8A98-7BE7D3F80C80", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "9F2C16D1-3708-4EB9-8CFC-58BE57AF11EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"BAE60E47-6660-4ABF-B77D-63D517ABC481", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "D22A37CD-4F71-42E6-8E30-6C9815068C20", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "15A336BA-698D-4F93-BCBA-63693E50823E", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C78FB439-F70B-4EE1-B026-BCCFA3D94D40", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B2ED0DF-DEAD-497A-A6E4-0E861AF3C0B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA8A0A3E-BAC6-4338-A026-129048532322", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B42960D-8880-4DD9-A8BA-8D9D34E1C568", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6C7F0EC2-8A5F-45A0-A557-E831B94BE3A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0223CA41-2914-43B5-B768-AF18A9B3815D", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4CB35A49-9FF9-4F53-B5E9-F7AB6300CADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FBA8A071-CB09-4269-8606-823B32207BDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "26AA8798-E46D-4F91-ABFF-B1842275D844", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "A6D2694B-E9C3-49E5-83C2-53138CDFAA43", "vulnerable": true }, { "criteria": "cpe:2.3:a:serendipity:serendipity:1.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"727E6C9A-C6F0-41C3-B4DA-AED1F22E5111", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Serendipity (S9Y) antes de 1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados relacionados con trackbacks recibidos." } ], "id": "CVE-2008-1476", "lastModified": "2024-11-21T00:44:37.843", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-24T22:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29398" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29502" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1528" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28298" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0925/references" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0925/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-07 21:19
Modified
2024-11-21 00:28
Severity: 7.5 HIGH (CVSS v2.0, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
serendipity | serendipity | 1.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:serendipity:serendipity:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4CB35A49-9FF9-4F53-B5E9-F7AB6300CADA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en index.php de Serendipity 1.1.1 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro [multiCat][]." } ], "id": "CVE-2007-1326", "lastModified": "2024-11-21T00:28:02.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-03-07T21:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/34935" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2383" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/34935" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }