S9Y Serendipity 2.1 Release Candidate 1

CPE Details

S9Y Serendipity 2.1 Release Candidate 1
s9y
serendipity
2.1
2017-04-28
16h52 +00:00
2017-04-28
16h52 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:s9y:serendipity:2.1:rc1:*:*:*:*:*:*

Informations

Vendor

s9y

Product

serendipity

Version

2.1

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-10964 2020-03-25 20h53 +00:00 Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
9.8
Critique
CVE-2019-11870 2019-05-09 19h25 +00:00 Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
6.1
Moyen
CVE-2017-8102 2017-04-24 18h00 +00:00 Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
5.4
Moyen