CVE-2006-5499
CVE-2006-5499 is a medium-severity vulnerability in Serendipity with a CVSS 2.0 base score of 6.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.8)
- EPSS exploit prediction: 2% (76th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Serendipity
- Published:
- Last modified:
Description
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
Frequently asked questions
- What is CVE-2006-5499?
- Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
- How severe is CVE-2006-5499?
- CVE-2006-5499 has a CVSS 2.0 base score of 6.8, rated medium severity.
- Is CVE-2006-5499 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (76th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2006-5499?
- CVE-2006-5499 affects Serendipity. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2006-5499?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2006-5499 published?
- CVE-2006-5499 was published on 2006-10-25 and last updated on 2026-06-16.
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html
- http://secunia.com/advisories/22501
- http://securityreason.com/securityalert/1771
- http://securitytracker.com/id?1017100
- http://www.hardened-php.net/advisory_112006.136.html
- http://www.osvdb.org/29893
- http://www.s9y.org/forums/viewtopic.php?t=7356
- http://www.securityfocus.com/archive/1/449189/100/0/threaded
- http://www.securityfocus.com/bid/20627
- http://www.vupen.com/english/advisories/2006/4135
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29695
Affected products (1)
- cpe:2.3:a:serendipity:serendipity:*:*:*:*:*:*:*:*
More vulnerabilities in Serendipity
- CVE-2007-1326 — High (CVSS 7.5): SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands…
- CVE-2007-4282 — Medium (CVSS 5.0): The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity…
- CVE-2008-1476 — Medium (CVSS 4.3): Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary…
- CVE-2007-6390 — Medium (CVSS 4.3): Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote…