SPIP 安全漏洞

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.13 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the author’s data structure by STATUT, which could lead to improper permission allocatio...

SPIP 安全漏洞

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.8 contained security vulnerabilities. These vulnerabilities stemmed from improper sandboxing or escaping of iframe content in private areas, which could lead to cross-site scripting...

CVE-2019-16393

SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character...

EUVD-2020-21367

Malware in sbrugna...

EUVD-2012-4275

Malware in sbrugna...

EUVD-2008-5782

Malware in sbrugna...

EUVD-2016-4205

Malware in sbrugna...

CVE-2012-4331

Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting XSS, different vulnerabilities than CVE-2012-2151...

USN-7318-1: SPIP vulnerabilities

It was discovered that svg-sanitizer, vendored in SPIP, did not properly sanitize SVG/XML content. An attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 24.10. CVE-2022-23638 It was discovered that SPIP did not properly sanitize certain inputs....

USN-7318-1 spip vulnerabilities

It was discovered that svg-sanitizer, vendored in SPIP, did not properly sanitize SVG/XML content. An attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 24.10. CVE-2022-23638 It was discovered that SPIP did not properly sanitize certain inputs....

Ubuntu 18.04 LTS / 20.04 LTS / 24.10 : SPIP vulnerabilities (USN-7318-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7318-1 advisory. It was discovered that svg-sanitizer, vendored in SPIP, did not properly sanitize SVG/XML content. An attacker could possibly use thi...

USN-5482-1 spip vulnerabilities

It was discovered that SPIP incorrectly validated inputs. An authenticated attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2020-28984 Charles Fol and Théo Gordyjan discovered that SPIP is vulnerable to Cross Site Scripting XSS. If a...

Ubuntu 18.04 LTS : SPIP vulnerabilities (USN-4536-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4536-1 advisory. Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site...

CVE-2016-3154

The encodercontexteajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

DEBIAN-CVE-2013-7303

Multiple cross-site scripting XSS vulnerabilities in 1 squelettes-dist/formulaires/inscription.php and 2 prive/forms/editerauteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field...

CVE-2012-4331

Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting XSS, different vulnerabilities than CVE-2012-2151...

CVE-2008-5812

Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors...

CVE-2006-0517

Multiple SQL injection vulnerabilities in formulaires/inc-formulaireforum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 5539 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 idforum, 2 idarticle, or 3 idbreve parameters to forum.php3; 4 unspecified vectors related...