2 matches found
CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the oups parameter at /ecrire...
CVE-2023-52322
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from request is not restricted to safe characters such as alphanumerics...