CVEDB API

Vulnerabilities

Vulnerable Software

Spip: >> Spip >> 2.0.25 Security Vulnerabilities

CVE-2016-7981

Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.

CVSS Score

6.1

EPSS Score

0.435

Published

2017-01-18

CVE-2016-7982

Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.

CVSS Score

7.5

EPSS Score

0.327

Published

2017-01-18

CVE-2013-7303

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.

CVSS Score

4.3

EPSS Score

0.004

Published

2014-01-30

CVE-2013-4555

Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors.

CVSS Score

6.8

EPSS Score

0.002

Published

2013-11-18

CVE-2013-4556

Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.

CVSS Score

4.3

EPSS Score

0.003

Published

2013-11-18

Page 3

Vulnerabilities

Vulnerable Software

Spip: >> Spip >> 2.0.25 Security Vulnerabilities

Products

Pricing

Contact Us