CVE-2021-44120

2022-01-2612:15:00

Debian Security Bug Tracker

security-tracker.debian.org

0.001 Low

EPSS

Percentile

22.4%

JSON

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author’s information, the malicious code will be executed. The “Who are you” and “Website Name” fields are vulnerable.

OSVersionArchitecturePackageVersionFilename
Debian12allspip< 3.2.12-1spip_3.2.12-1_all.deb
Debian11allspip< 3.2.11-3+deb11u1spip_3.2.11-3+deb11u1_all.deb
Debian10allspip< 3.2.4-1+deb10u5spip_3.2.4-1+deb10u5_all.deb
Debian999allspip< 3.2.12-1spip_3.2.12-1_all.deb
Debian13allspip< 3.2.12-1spip_3.2.12-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	spip	< 3.2.12-1	spip_3.2.12-1_all.deb
Debian	11	all	spip	< 3.2.11-3+deb11u1	spip_3.2.11-3+deb11u1_all.deb
Debian	10	all	spip	< 3.2.4-1+deb10u5	spip_3.2.4-1+deb10u5_all.deb
Debian	999	all	spip	< 3.2.12-1	spip_3.2.12-1_all.deb
Debian	13	all	spip	< 3.2.12-1	spip_3.2.12-1_all.deb

0.001 Low

EPSS

Percentile

22.4%

JSON

Related for DEBIANCVE:CVE-2021-44120