The installer of serendipity 1.3 has various Cross Site Scripting issues. This is considered low priority, as attack scenarios are very unlikely.
If you are doing a fresh installation of serendipity, use version 1.3.1.
In general, don't leave uninstalled webapplications laying around on a public webspace.
2008-03-21 Vendor contacted with patches
2008-03-21 Vendor fixed issue in trunk/branch revision
2008-04-22 Vendor released 1.3.1
2008-04-22 Advisory published
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-1386 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. It's licensed under the creative commons attribution license.
Hanno Boeck, 2008-04-xx, http://www.hboeck.de