Product
s9y serendipity
64 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-39971
< 2.6.0
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.
7.2
HIGH
CVE-2026-39963
< 2.6.0
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include/func
6.9
MEDIUM
CVE-2023-53933
all versions
Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files
8.8
HIGH
CVE-2023-53932
all versions
Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts
5.4
MEDIUM
CVE-2024-58282
all versions
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP
7.2
HIGH
CVE-2023-31576
all versions
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or J
8.8
HIGH
CVE-2020-10964
< 2.3.4
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may e
9.8
CRITICAL
CVE-2011-4090
< 1.6
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
6.1
MEDIUM
CVE-2011-1135
< 1.5.5
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbit
6.1
MEDIUM
CVE-2011-1134
< 1.5.5
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbit
9.8
CRITICAL
CVE-2011-1133
< 1.5.5
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbit
6.1
MEDIUM
CVE-2016-10752
all versions
serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mi
9.8
CRITICAL
CVE-2019-11870
< 2.1.5
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feat
6.1
MEDIUM
CVE-2016-10737
all versions
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
5.4
MEDIUM
CVE-2017-1000129
all versions
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
7.5
HIGH
CVE-2017-8102
all versions
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as
5.4
MEDIUM
CVE-2017-8101
all versions
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
8.8
HIGH
CVE-2017-5609
all versions
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute
8.8
HIGH
CVE-2017-5476
<= 2.0.5
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
8.8
HIGH
CVE-2017-5475
<= 2.0.5
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
8.8
HIGH
CVE-2017-5474
<= 2.0.5
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web
6.1
MEDIUM
CVE-2016-10082
<= 2.0.5
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution att
9.8
CRITICAL
CVE-2016-9681
<= 2.0.4
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitra
5.4
MEDIUM
CVE-2016-9752
<= 2.0.4
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x
8.6
HIGH
CVE-2015-8603
<= 2.0.2
Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTM
5.4
MEDIUM
CVE-2015-6969
<= 2.0.1
Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers t
CVE-2015-6968
<= 2.0.1
Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Sere
CVE-2015-6943
<= 2.0.1
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity bef
CVE-2015-2289
<= 2.0
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticat
CVE-2014-9432
<= 2.0
Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow r
CVE-2013-5670
<= 1.7.2
Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity
CVE-2013-5314
<= 1.6.2
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote at
CVE-2012-2332
<= 1.6
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute ar
CVE-2012-2331
<= 1.6
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows re
CVE-2012-2762
<= 1.6.1
SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitr
CVE-2011-3800
all versions
Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the i
CVE-2010-2957
<= 1.5.3
Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attacke
CVE-2010-1916
all versions
The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allow
CVE-2009-4412
<= 1.5
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by up
CVE-2008-1386
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the installer in Serendipity (S9Y) 1.3 allow remote attackers to inject arb
CVE-2008-1385
<= 1.3
Cross-site scripting (XSS) vulnerability in the Top Referrers (aka referrer) plugin in Serendipity (S9Y) before 1.3.1 allows remot
CVE-2008-1476
<= 1.2.1
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or
CVE-2008-0124
all versions
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitra
CVE-2007-6390
<= 0.12
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to pe
CVE-2007-6205
all versions
Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before
CVE-2007-4282
all versions
The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allow
CVE-2007-1326
all versions
SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the se
CVE-2006-6242
all versions
Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary
CVE-2006-5499
<= 1.0.1
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitr
CVE-2006-2495
all versions
Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to pe
CVE-2006-1910
all versions
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in
CVE-2005-3129
<= 0.8.4
Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized a
CVE-2005-1713
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HT
CVE-2005-1712
all versions
Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media f
CVE-2005-1452
all versions
Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."
CVE-2005-1451
all versions
The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.
CVE-2005-1450
all versions
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impa
CVE-2005-1449
all versions
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.
CVE-2005-1448
all versions
Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitra
CVE-2005-1134
all versions
SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands
CVE-2004-2525
all versions
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web
CVE-2004-2158
all versions
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id pa
CVE-2004-2157
all versions
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, al
CVE-2004-1620
all versions
CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to mo
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin