Lee Sheldon Victor

**Name of the Vulnerable Software and Affected Versions** Serendipity versions prior to 2.1 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. This can be exploited by including a malicious URL in the HTTP Referer header. **Recommendations** For versions prior to 2.1, update to version 2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Serendipity versions through 2.0.5 **Description** The issue allows for CSRF in deleting any comments, which can be exploited through the comment.php file. **Recommendations** For versions through 2.0.5, update to a version that contains a fix for this issue to prevent CSRF attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Serendipity versions prior to 2.0.6 **Description** The issue allows for Cross-Site Request Forgery (CSRF) attacks, which can lead to the installation of an event plugin or a sidebar plugin without the user's consent. **Recommendations** For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.