Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Serendipity'
2020-01-22
CVE-2011-3610
CWE-79
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
2019-11-26
CVE-2011-4090
CWE-79
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
2019-11-05
CVE-2011-1135
CWE-79
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
CVE-2011-1134
CWE-434
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
CVE-2011-1133
CWE-79
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
2019-05-24
CVE-2016-10752
CWE-434
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.
2019-05-09
CVE-2019-11870
CWE-79
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
2019-01-15
CVE-2016-10737
CWE-79
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
2017-11-17
CVE-2017-1000129
CWE-89
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
2017-04-24
CVE-2017-8102
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
Copyright
2024
, cxsecurity.com
Back to Top
Podatności dla 'Serendipity' 
Polish
English