FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
9c133aa0-12bd-11dd-bab7-0016179b2dd5serendipity -- multiple cross site scripting vulnerabilities

Hanno Boeck reports:

The installer of serendipity 1.3 has various Cross Site Scripting issues. This is considered low priority, as attack scenarios are very unlikely.

Various path fields are not escaped properly, thus filling them with javascript code will lead to XSS. MySQL error messages are not escaped, thus the database host field can also be filled with javascript.

In the referrer plugin of the blog application serendipity, the referrer string is not escaped, thus leading to a permanent XSS.


Discovery 2008-04-22
Entry 2008-04-25
serendipity
< 1.3.1

serendipity-devel
< 200804242342

28885
CVE-2008-1385
CVE-2008-1386
http://int21.de/cve/CVE-2008-1385-s9y.html
http://int21.de/cve/CVE-2008-1386-s9y.html
http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
3ba87032-7fbd-11e9-8a5f-c85b76ce9b5aserendipity -- XSS

MITRE:

Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.


Discovery 2019-05-01
Entry 2019-05-26
serendipity
< 2.1.5

https://blog.s9y.org/archives/282-Serendipity-2.1.5-released.html
CVE-2019-11870
01018916-c47c-11e8-8b07-00e04c1ea73dSerendipity -- multiple vulnerabilities

Serendipity reports:

Security: Fix XSS for pagination, when multi-category selection is used.


Discovery 2018-09-20
Entry 2018-09-30
serendipity
< 2.1.4

https://blog.s9y.org/archives/280-Serendipity-2.1.4-and-2.2.1-alpha1-released.html