Lucene search

K
osvGoogleOSV:CVE-2021-44122
HistoryJan 26, 2022 - 12:15 p.m.

CVE-2021-44122

2022-01-2612:15:07
Google
osv.dev
7
spip 4.0.0
cross site request forgery
csrf
xss
vulnerability
malicious code
authenticated attacker
exploit

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

32.5%

SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF).

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

32.5%