5 matches found
CVE-2024-53620
A cross-site scripting XSS vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...
CVE-2024-53619
An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...
CVE-2024-53619
CVE-2024-53619 concerns an authenticated arbitrary file upload in the Documents module of SPIP v4.3.3 that can lead to arbitrary code execution via a crafted PDF upload. The incident is consistently described across multiple sources as affecting SPIP 4.3.3 with an authenticated file upload path, ...
CVE-2024-53620
A cross-site scripting XSS vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...
CVE-2024-53619
An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...