Shodan
Vulnerabilities
Vulnerable Software
Spip:  >> Spip  >> 2.1.24  Security Vulnerabilities
CVE-2016-7981
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
CVSS Score
6.1
EPSS Score
0.435
Published
2017-01-18
CVE-2016-7982
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
CVSS Score
7.5
EPSS Score
0.327
Published
2017-01-18
CVE-2013-7303
Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-01-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved