CyberSec.Space Logo
返回 CVE 浏览器

CVE-2011-1134

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile30.88th
Published2019年11月5日
Last Modified2024年11月21日

Vulnerability Description

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.

Affected Platforms (CPE)

📦
S9y

Serendipity

< 1.5.5

References & Advisories

🔗 https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html
🔗 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661
🔗 https://security-tracker.debian.org/tracker/CVE-2011-1134
🔗 https://www.openwall.com/lists/oss-security/2011/03/02/5
🔗 https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html
🔗 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661
🔗 https://security-tracker.debian.org/tracker/CVE-2011-1134
🔗 https://www.openwall.com/lists/oss-security/2011/03/02/5

相关漏洞威胁

CVE-2005-144910.0

Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.

CVE-2005-145210.0

Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."

CVE-2020-109649.8

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may e...

CVE-2016-100829.8

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution att...