CVE-2016-10082 — CVSS 9.8 (critical): include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack…
CVE-2020-10964 — CVSS 9.8 (critical): Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a…
CVE-2016-10752 — CVSS 9.8 (critical): serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles…
CVE-2011-1134 — CVSS 9.8 (critical): Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code…
CVE-2017-5476 — CVSS 8.8 (high): Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
CVE-2023-53933 — CVSS 8.8 (high): Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with…
CVE-2017-8101 — CVSS 8.8 (high): There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
CVE-2023-31576 — CVSS 8.8 (high): An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript…
CVE-2017-5609 — CVSS 8.8 (high): SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute…
CVE-2016-9752 — CVSS 8.6 (high): In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka…
CVE-2006-2495 — CVSS 7.5 (high): Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform…
CVE-2012-2332 — CVSS 7.5 (high): SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary…
CVE-2004-2158 — CVSS 7.5 (high): SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter…
CVE-2005-1134 — CVSS 7.5 (high): SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the…
CVE-2005-1450 — CVSS 7.5 (high): Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.
CVE-2005-1451 — CVSS 7.5 (high): The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.
CVE-2006-1910 — CVSS 7.5 (high): config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in…
CVE-2012-2762 — CVSS 7.5 (high): SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL…
CVE-2010-1916 — CVSS 7.5 (high): The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote…
CVE-2017-1000129 — CVSS 7.5 (high): Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
CVE-2024-58282 — CVSS 7.2 (high): Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files…
CVE-2026-39971 — CVSS 7.2 (high): Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php…
CVE-2026-39963 — CVSS 6.9 (medium): Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include/functions_confi…
CVE-2006-6242 — CVSS 6.8 (medium): Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local…
CVE-2005-1448 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web…
CVE-2015-6968 — CVSS 6.5 (medium): Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity…
CVE-2017-5474 — CVSS 6.1 (medium): Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites…
CVE-2011-1135 — CVSS 6.1 (medium): Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code…
CVE-2011-4090 — CVSS 6.1 (medium): Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
CVE-2019-11870 — CVSS 6.1 (medium): Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or…
CVE-2011-1133 — CVSS 6.1 (medium): Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code…
CVE-2015-6943 — CVSS 6.0 (medium): SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before…
CVE-2009-4412 — CVSS 6.0 (medium): Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a…
CVE-2023-53932 — CVSS 5.4 (medium): Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through…
CVE-2017-8102 — CVSS 5.4 (medium): Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an…
CVE-2015-8603 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2016-9681 — CVSS 5.4 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web…
CVE-2005-3129 — CVSS 5.1 (medium): Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as…
CVE-2004-1620 — CVSS 5.0 (medium): CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify…
CVE-2011-3800 — CVSS 5.0 (medium): Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the…
CVE-2012-2331 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote…
CVE-2013-5314 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers…
CVE-2013-5670 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before…
CVE-2014-9432 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote…
CVE-2015-6969 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject…
CVE-2008-1386 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arbitrary…
CVE-2008-1385 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remote…
CVE-2008-0124 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web…
CVE-2007-6205 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1…
CVE-2004-2525 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script…
CVE-2004-2157 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows…
CVE-2005-1713 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via…
CVE-2015-2289 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated…
CVE-2010-2957 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to…