SPIP <3.1.2 - Cross-Site Scripting

SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in validerxml.php which allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action. id: CVE-2016-7981 info: name: SPIP 3.1.2 - Cross-Site Scripting author: pikpikcu severity:...

SPIP Porte Plume Plugin - Remote Code Execution

The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request. id: CVE-2024-7954 info: name: SPIP Porte Plume...

SPIP BigUp Plugin - Remote Code Execution

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. id: CVE-2024-8517 info: name: SPIP BigUp Plugin - Remote Code Execution...

SPIP - Remote Command Execution

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. id: CVE-2023-27372 info: name: SPIP - Remote Command Execution author: DhiyaneshDK,nuts7 severity: critical description: ...

SPIP Saisies - Remote Code Execution

SPIP Saisies plugin 5.4.0 through 5.11.0 contains a remote code execution caused by an unspecified flaw, letting attackers execute arbitrary code on the server, exploit requires no special conditions. id: CVE-2025-71243 info: name: SPIP Saisies - Remote Code Execution author: omarkurt severity:...

CVE-2026-48832

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...

Debian dsa-6296 : spip - security update

The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6296 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6296-1 [email protected] https://www.debian.org/securit...

Malicious code in spip-pth-demo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb61035c28fe642903fac1b2776b2593c1611831ce5553e63ef8b09a77e414c9 The package installs a suspicious-demo.pth file into site-packages via setup.py's datafiles="", "suspicious-demo.pth". Python auto-processes.pth file...

MAL-2026-4770 Malicious code in spip-pth-demo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb61035c28fe642903fac1b2776b2593c1611831ce5553e63ef8b09a77e414c9 The package installs a suspicious-demo.pth file into site-packages via setup.py's datafiles="", "suspicious-demo.pth". Python auto-processes.pth file...

[SECURITY] [DSA 6296-1] spip security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6296-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 25, 2026 https://www.debian.org/security/faq -...

Linux Distros Unpatched Vulnerability : CVE-2026-48832

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability. CVE-2026-48832 Note that Nessus relies on the presence of the...

DEBIAN-CVE-2026-48832

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...

CVE-2026-48832

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...

CVE-2026-48832

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...

CVE-2026-48832

The vulnerability affects SPIP’s ecrire component in SPIP prior to version 4.4.15, where action/cookie.php is prone to an open redirect. The underlying issue is an open redirect, allowing an attacker to redirect users to a malicious site via crafted input. Version 4.4.15 addresses this issue (as ...

EUVD-2026-31601

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...

CVE-2026-48832

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...

CVE-2026-48832

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...

SPIP 输入验证错误漏洞

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.15 had a vulnerability related to input validation errors, which stemmed from an open-redirecting vulnerability in the action/cookie.php file within ecrire...

Linux Distros Unpatched Vulnerability : CVE-2026-8430

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing...