S9y

s9y

61 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Serendipity

serendipity

58 CVEs

Serendipity Event Freetag

serendipity_event_freetag

3 CVEs

CVEs (61)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-39971 1S9y 1Serendipity Apr 23, 2026 Apr 15, 2026 N/A· v4 7.2 HIGH· v3 N/A· v2 Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $_SERVER['HTTP_HOST'] directly into the Message-ID SMTP header without val...Show more Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $_SERVER['HTTP_HOST'] directly into the Message-ID SMTP header without validation, and the existing sanitization function serendipity_isResponseClean() is not called on HTTP_HOST before embedding it. An attacker who can control the Host header during an email-triggering action such as comment notifications or subscription emails can inject arbitrary SMTP headers into outgoing emails. This enables identity spoofing, reply hijacking via manipulated Message-ID threading, and email reputation abuse through the attacker's domain being embedded in legitimate mail headers. This issue has been fixed in version 2.6.0.Show less
CVE-2026-39963 1S9y 1Serendipity Apr 23, 2026 Apr 15, 2026 N/A· v4 6.9 MEDIUM· v3 N/A· v2 Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include/functions_config.inc.php uses $_SERVER['HTTP_HOST'] without validation as the domain parameter...Show more Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include/functions_config.inc.php uses $_SERVER['HTTP_HOST'] without validation as the domain parameter of setcookie(). An attacker who can influence the Host header at login time, such as via MITM, reverse proxy misconfiguration, or load balancer manipulation, can force authentication cookies including session tokens and auto-login tokens to be scoped to an attacker-controlled domain. This enables session fixation, token leakage to attacker-controlled infrastructure, and privilege escalation if an admin logs in under a poisoned Host header. This issue has been fixed in version 2.6.0.Show less
CVE-2023-53933 1S9y 1Serendipity Dec 24, 2025 Dec 17, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the medi...Show more Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.Show less
CVE-2023-53932 1S9y 1Serendipity Dec 27, 2025 Dec 17, 2025 5.1 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that wi...Show more Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post.Show less
CVE-2024-58282 1S9y 1Serendipity Dec 19, 2025 Dec 10, 2025 8.6 HIGH· v4 7.2 HIGH· v3 N/A· v2 Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechan...Show more Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.Show less
CVE-2023-31576 1S9y 1Serendipity Jan 23, 2025 May 16, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file.
CVE-2020-10964 1S9y 1Serendipity Nov 21, 2024 Mar 25, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
CVE-2011-3610 1S9y 1Serendipity Event Freetag Nov 21, 2024 Jan 22, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.
CVE-2011-4090 1S9y 1Serendipity Nov 21, 2024 Nov 26, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
CVE-2011-1135 1S9y 1Serendipity Nov 21, 2024 Nov 5, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
CVE-2011-1134 1S9y 1Serendipity Nov 21, 2024 Nov 5, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
CVE-2011-1133 1S9y 1Serendipity Nov 21, 2024 Nov 5, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
CVE-2016-10752 1S9y 1Serendipity Nov 21, 2024 May 24, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename...Show more serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename.Show less
CVE-2019-11870 1S9y 1Serendipity Nov 21, 2024 May 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
CVE-2016-10737 1S9y 1Serendipity Nov 21, 2024 Jan 16, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
CVE-2017-1000129 1S9y 1Serendipity May 13, 2026 Nov 17, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
CVE-2017-8102 1S9y 1Serendipity May 13, 2026 Apr 24, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a se...Show more Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.Show less
CVE-2017-8101 1S9y 1Serendipity May 13, 2026 Apr 24, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
CVE-2017-5609 1S9y 1Serendipity May 13, 2026 Jan 28, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
CVE-2017-5476 1S9y 1Serendipity May 13, 2026 Jan 14, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.

12 3 4 Next