Known Vulnerabilities for products from S9y
Listed below are 20 of the newest known vulnerabilities associated with the vendor "S9y".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-31576 json | An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML... | 8.8 - HIGH | 2023-05-16 | 2023-05-23 |
| CVE-2020-10964 json | Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file ... | 9.8 - CRITICAL | 2020-03-25 | 2020-03-27 |
| CVE-2019-11870 json | Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview... | 6.1 - MEDIUM | 2019-05-09 | 2019-05-10 |
| CVE-2017-1000129 json | Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | 7.5 - HIGH | 2017-11-17 | 2017-11-29 |
| CVE-2017-8102 json | Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new ent... | 5.4 - MEDIUM | 2017-04-24 | 2017-04-28 |
| CVE-2017-8101 json | There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. | 8.8 - HIGH | 2017-04-24 | 2017-04-27 |
| CVE-2017-5609 json | SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to ex... | 8.8 - HIGH | 2017-01-28 | 2019-03-19 |
| CVE-2017-5476 json | Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. | 8.8 - HIGH | 2017-01-14 | 2017-01-25 |
| CVE-2017-5475 json | comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. | 8.8 - HIGH | 2017-01-14 | 2017-01-25 |
| CVE-2017-5474 json | Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrar... | 6.1 - MEDIUM | 2017-01-14 | 2017-01-25 |
| CVE-2016-10752 json | serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because ... | 9.8 - CRITICAL | 2019-05-24 | 2019-05-29 |
| CVE-2016-10737 json | Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter. | 5.4 - MEDIUM | 2019-01-16 | 2019-01-23 |
| CVE-2016-10082 json | include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Executio... | 9.8 - CRITICAL | 2016-12-30 | 2017-01-03 |
| CVE-2016-9752 json | In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a... | 8.6 - HIGH | 2016-12-01 | 2016-12-03 |
| CVE-2016-9681 json | Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject ar... | 5.4 - MEDIUM | 2016-12-25 | 2016-12-30 |
| CVE-2015-8603 json | Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script o... | 5.4 - MEDIUM | 2016-01-12 | 2018-10-09 |
| CVE-2015-6969 json | Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attack... | 4.3 - MEDIUM | 2015-09-16 | 2015-09-16 |
| CVE-2015-6968 json | Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in... | 6.5 - MEDIUM | 2015-09-16 | 2015-09-16 |
| CVE-2015-6943 json | SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipit... | 6 - MEDIUM | 2015-09-15 | 2016-12-22 |
| CVE-2015-2289 json | Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authen... | 3.5 - LOW | 2015-03-23 | 2018-10-09 |
Known software with vulnerabilities from S9y
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | S9y | Serendipity | 0.3 |
| Application | S9y | Serendipity Event Freetag | 2.103 |