CVE-2016-9998

🗓️ 17 Dec 2016 03:34:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 54 Views🌐 WEB

SPIP 3.1.x Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.ph

Reporter	Title	Published	Views	Family All 14
CNVD	SPIP Cross-Footprint Vulnerability (CNVD-2016-13014)	20 Dec 201600:00	–	cnvd
Cvelist	CVE-2016-9998	17 Dec 201603:34	–	cvelist
Debian	[SECURITY] [DLA 760-1] spip security update	24 Dec 201623:10	–	debian
Debian CVE	CVE-2016-9998	17 Dec 201603:34	–	debiancve
Tenable Nessus	Debian DLA-760-1 : spip security update	27 Dec 201600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2016-9998	25 Aug 202500:00	–	nessus
EUVD	EUVD-2016-10781	7 Oct 202500:30	–	euvd
NVD	CVE-2016-9998	17 Dec 201603:59	–	nvd
OpenVAS	Debian: Security Advisory (DLA-760-1)	8 Mar 202300:00	–	openvas
OSV	DEBIAN-CVE-2016-9998	17 Dec 201603:59	–	osv

NVD

Node

spip spipMatch3.1.0

spip spipMatch3.1.0alpha

spip spipMatch3.1.0beta

spip spipMatch3.1.0rc

spip spipMatch3.1.0rc2

spip spipMatch3.1.0rc3

spip spipMatch3.1.1

spip spipMatch3.1.2

spip spipMatch3.1.3

Source	Link
core	www.core.spip.net/projects/spip/repository/revisions/23288
securityfocus	www.securityfocus.com/bid/95008
securitytracker	www.securitytracker.com/id/1037486

Parameter	Position	Path	Description	CWE
plugin	query param	ecrire/exec/info_plugin.php	Reflected Cross-Site Scripting via plugin parameter in info_plugin.php (SPIP 3.1.x).	CWE-79

06 May 2026 22:30Current

6Medium risk

Vulners AI Score6

CVSS 24.3

CVSS 36.1

EPSS0.00292