5 matches found
Cross Site Scripting (XSS)
spip:sid is vulnerable to Cross Site Scripting (XSS). This vulnerability is due to input from request not being restricted to safe characters. It allows an attacker to change files in ecrire/public/assembler.php...
Design/Logic Flaw
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from request is not restricted to safe characters such as alphanumerics...
CVE-2023-52322
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from request is not restricted to safe characters such as alphanumerics...
PT-2024-14522 · Spip · Spip
Name of the Vulnerable Software and Affected Versions: SPIP versions 4.1.3 and earlier; SPIP versions 4.2.x through 4.2.6. Description: The issue arises from the ecrire/public/assembler.php file in SPIP, where input from request is not restricted to safe characters, such as alphanumerics, allowing...
CVE-2023-52322
SPIP is affected by a cross-site scripting (XSS) vulnerability in ecrire/public/assembler.php, due to unsanitized input from _request() being allowed outside safe characters. The issue affects SPIP versions prior to 4.1.13 and 4.2.x prior to 4.2.7. In practice, attacker-controlled input can be re...