Search criteria
8 vulnerabilities by serendipity
CVE-2024-58282 (GCVE-0-2024-58282)
Vulnerability from cvelistv5 – Published: 2025-12-10 21:14 – Updated: 2026-04-07 14:08
VLAI
Title
Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload
Summary
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.
Severity
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/52036 | exploit |
| https://docs.s9y.org/ | product |
| https://www.s9y.org/latest | product |
| https://www.vulncheck.com/advisories/serendipity-… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Serendipity | Serendipity |
Affected:
2.5.0
|
Date Public
2024-06-03 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58282",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:45:44.516499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:51:39.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.s9y.org/latest"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Serendipity",
"vendor": "Serendipity",
"versions": [
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:s9y:serendipity:2.5.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ahmet \u00dcmit BAYRAM"
}
],
"datePublic": "2024-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSerendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.\u003c/p\u003e"
}
],
"value": "Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:08:35.515Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-52036",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52036"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://docs.s9y.org/"
},
{
"name": "Software Link",
"tags": [
"product"
],
"url": "https://www.s9y.org/latest"
},
{
"name": "VulnCheck Advisory: Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/serendipity-remote-code-execution-via-authenticated-media-upload"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58282",
"datePublished": "2025-12-10T21:14:19.900Z",
"dateReserved": "2025-12-10T14:35:24.455Z",
"dateUpdated": "2026-04-07T14:08:35.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2011-3610 (GCVE-0-2011-3610)
Vulnerability from cvelistv5 – Published: 2020-01-22 15:43 – Updated: 2024-08-06 23:37
VLAI
Summary
A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2011/… | x_refsource_MISC |
| https://packetstormsecurity.com/files/105054/Secu… | x_refsource_MISC |
| https://git.schokokeks.org/freewvs.git/blob/ddc4b… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Serendipity | serendipity freetag plugin |
Affected:
before 3.30
|
Date Public
2011-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/10/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "serendipity freetag plugin",
"vendor": "Serendipity",
"versions": [
{
"status": "affected",
"version": "before 3.30"
}
]
}
],
"datePublic": "2011-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T15:43:42.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/10/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "serendipity freetag plugin",
"version": {
"version_data": [
{
"version_value": "before 3.30"
}
]
}
}
]
},
"vendor_name": "Serendipity"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/10/10/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/10/10/3"
},
{
"name": "https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html"
},
{
"name": "https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs",
"refsource": "MISC",
"url": "https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3610",
"datePublished": "2020-01-22T15:43:42.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4090 (GCVE-0-2011-4090)
Vulnerability from cvelistv5 – Published: 2019-11-26 04:09 – Updated: 2024-08-06 23:53
VLAI
Summary
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-4090 | x_refsource_MISC |
| https://seclists.org/oss-sec/2011/q4/176 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| serendipity | serendipity |
Affected:
before 1.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-4090"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2011/q4/176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "serendipity",
"vendor": "serendipity",
"versions": [
{
"status": "affected",
"version": "before 1.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T04:09:48.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-4090"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2011/q4/176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "serendipity",
"version": {
"version_data": [
{
"version_value": "before 1.6"
}
]
}
}
]
},
"vendor_name": "serendipity"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-4090",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-4090"
},
{
"name": "https://access.redhat.com/security/cve/cve-2011-4090",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2011-4090"
},
{
"name": "https://seclists.org/oss-sec/2011/q4/176",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2011/q4/176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4090",
"datePublished": "2019-11-26T04:09:48.000Z",
"dateReserved": "2011-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:53:32.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1476 (GCVE-0-2008-1476)
Vulnerability from cvelistv5 – Published: 2008-03-24 22:00 – Updated: 2024-08-07 08:24
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/29398 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2008/dsa-1528 | vendor-advisoryx_refsource_DEBIAN |
| http://blog.s9y.org/archives/192-Serendipity-1.3-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/28298 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2008/0925… | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/29502 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "serendipity-trackbacks-data-xss(41343)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343"
},
{
"name": "29398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29398"
},
{
"name": "DSA-1528",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1528"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html"
},
{
"name": "28298",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28298"
},
{
"name": "ADV-2008-0925",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0925/references"
},
{
"name": "29502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29502"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "serendipity-trackbacks-data-xss(41343)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343"
},
{
"name": "29398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29398"
},
{
"name": "DSA-1528",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1528"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html"
},
{
"name": "28298",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28298"
},
{
"name": "ADV-2008-0925",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0925/references"
},
{
"name": "29502",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29502"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "serendipity-trackbacks-data-xss(41343)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41343"
},
{
"name": "29398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29398"
},
{
"name": "DSA-1528",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1528"
},
{
"name": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html",
"refsource": "CONFIRM",
"url": "http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html"
},
{
"name": "28298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28298"
},
{
"name": "ADV-2008-0925",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0925/references"
},
{
"name": "29502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29502"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1476",
"datePublished": "2008-03-24T22:00:00.000Z",
"dateReserved": "2008-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:41.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6390 (GCVE-0-2007-6390)
Vulnerability from cvelistv5 – Published: 2007-12-17 18:00 – Updated: 2024-08-07 16:02
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/28152 | third-party-advisoryx_refsource_SECUNIA |
| http://www.hboeck.de/archives/572-Some-XSS-issues… | x_refsource_MISC |
| http://www.securityfocus.com/bid/26955 | vdb-entryx_refsource_BID |
Date Public
2007-12-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28152"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html"
},
{
"name": "26955",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26955"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-12-25T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28152",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28152"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html"
},
{
"name": "26955",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26955"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28152"
},
{
"name": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html",
"refsource": "MISC",
"url": "http://www.hboeck.de/archives/572-Some-XSS-issues-in-Serendipity-found.html"
},
{
"name": "26955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26955"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6390",
"datePublished": "2007-12-17T18:00:00.000Z",
"dateReserved": "2007-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4282 (GCVE-0-2007-4282)
Vulnerability from cvelistv5 – Published: 2007-08-09 21:00 – Updated: 2024-08-07 14:46
VLAI
Summary
The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/25235 | vdb-entryx_refsource_BID |
| http://blog.drinsama.de/erich/en/security/2007080… | x_refsource_MISC |
| http://secunia.com/advisories/26347 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
| http://osvdb.org/36534 | vdb-entryx_refsource_OSVDB |
| http://sourceforge.net/forum/forum.php?forum_id=722867 | x_refsource_CONFIRM |
| http://blog.s9y.org/archives/178-Serendipity-1.1.… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-08-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25235",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25235"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"
},
{
"name": "26347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26347"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716"
},
{
"name": "36534",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36534"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=722867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html"
},
{
"name": "serendipity-extendedprop-security-bypass(35868)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25235",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25235"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"
},
{
"name": "26347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26347"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716"
},
{
"name": "36534",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36534"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=722867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released%2C-security-bug-in-entryproperties-plugin.html"
},
{
"name": "serendipity-extendedprop-security-bypass(35868)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"Extended properties for entries\" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and \"deliver custom entryproperties settings to the Serendipity Frontend\" via a certain request that modifies the password being checked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25235"
},
{
"name": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html",
"refsource": "MISC",
"url": "http://blog.drinsama.de/erich/en/security/2007080801-security-issue-in-serendipity.html"
},
{
"name": "26347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26347"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=75065\u0026release_id=530716"
},
{
"name": "36534",
"refsource": "OSVDB",
"url": "http://osvdb.org/36534"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=722867",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=722867"
},
{
"name": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released,-security-bug-in-entryproperties-plugin.html",
"refsource": "CONFIRM",
"url": "http://blog.s9y.org/archives/178-Serendipity-1.1.4-released,-security-bug-in-entryproperties-plugin.html"
},
{
"name": "serendipity-extendedprop-security-bypass(35868)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4282",
"datePublished": "2007-08-09T21:00:00.000Z",
"dateReserved": "2007-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1326 (GCVE-0-2007-1326)
Vulnerability from cvelistv5 – Published: 2007-03-07 21:00 – Updated: 2024-08-07 12:50
VLAI
Summary
SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/461671/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/34935 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/2383 | third-party-advisoryx_refsource_SREASON |
Date Public
2007-03-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "serendipity-index-sql-injection(32768)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768"
},
{
"name": "20070301 Serendipity unauthenticated SQL-Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded"
},
{
"name": "34935",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34935"
},
{
"name": "2383",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2383"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "serendipity-index-sql-injection(32768)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768"
},
{
"name": "20070301 Serendipity unauthenticated SQL-Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded"
},
{
"name": "34935",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34935"
},
{
"name": "2383",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2383"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "serendipity-index-sql-injection(32768)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32768"
},
{
"name": "20070301 Serendipity unauthenticated SQL-Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461671/100/0/threaded"
},
{
"name": "34935",
"refsource": "OSVDB",
"url": "http://osvdb.org/34935"
},
{
"name": "2383",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2383"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1326",
"datePublished": "2007-03-07T21:00:00.000Z",
"dateReserved": "2007-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:50:35.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5499 (GCVE-0-2006-5499)
Vulnerability from cvelistv5 – Published: 2006-10-25 10:00 – Updated: 2024-08-07 19:55
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/449189/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1771 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/20627 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/29893 | vdb-entryx_refsource_OSVDB |
| http://www.hardened-php.net/advisory_112006.136.html | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/22501 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1017100 | vdb-entryx_refsource_SECTRACK |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.s9y.org/forums/viewtopic.php?t=7356 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/4135 | vdb-entryx_refsource_VUPEN |
Date Public
2006-10-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:52.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded"
},
{
"name": "1771",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1771"
},
{
"name": "20627",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20627"
},
{
"name": "29893",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29893"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory_112006.136.html"
},
{
"name": "serendipity-admin-xss(29695)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695"
},
{
"name": "22501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22501"
},
{
"name": "1017100",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017100"
},
{
"name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.s9y.org/forums/viewtopic.php?t=7356"
},
{
"name": "ADV-2006-4135",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded"
},
{
"name": "1771",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1771"
},
{
"name": "20627",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20627"
},
{
"name": "29893",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29893"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory_112006.136.html"
},
{
"name": "serendipity-admin-xss(29695)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695"
},
{
"name": "22501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22501"
},
{
"name": "1017100",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017100"
},
{
"name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.s9y.org/forums/viewtopic.php?t=7356"
},
{
"name": "ADV-2006-4135",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded"
},
{
"name": "1771",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1771"
},
{
"name": "20627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20627"
},
{
"name": "29893",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29893"
},
{
"name": "http://www.hardened-php.net/advisory_112006.136.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_112006.136.html"
},
{
"name": "serendipity-admin-xss(29695)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695"
},
{
"name": "22501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22501"
},
{
"name": "1017100",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017100"
},
{
"name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html"
},
{
"name": "http://www.s9y.org/forums/viewtopic.php?t=7356",
"refsource": "CONFIRM",
"url": "http://www.s9y.org/forums/viewtopic.php?t=7356"
},
{
"name": "ADV-2006-4135",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5499",
"datePublished": "2006-10-25T10:00:00.000Z",
"dateReserved": "2006-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:55:52.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}