18 matches found
SPIP <3.1.2 - Cross-Site Scripting
SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in validerxml.php which allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action. id: CVE-2016-7981 info: name: SPIP 3.1.2 - Cross-Site Scripting author: pikpikcu severity:...
EUVD-2016-8847
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-7981
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cross-site scripting (XSS) vulnerability in validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the varurl...
Deserialization of untrusted data
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a validerxml action...
DEBIAN-CVE-2016-7982
Directory traversal vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the varurl parameter in a validerxml action...
DEBIAN-CVE-2016-7980
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted validerxml request. NOTE: this issue can be combin...
CVE-2016-7982
Directory traversal vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the varurl parameter in a validerxml action...
CVE-2016-7998
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a validerxml action...
Directory traversal
Directory traversal vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the varurl parameter in a validerxml action...
UBUNTU-CVE-2016-7982
Directory traversal vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the varurl parameter in a validerxml action...
CVE-2016-7981
Cross-site scripting (XSS) vulnerability in validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action...
UBUNTU-CVE-2016-7981
Cross-site scripting (XSS) vulnerability in validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action...
DEBIAN-CVE-2016-7981
Cross-site scripting (XSS) vulnerability in validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action...
CVE-2016-7981
Cross-site scripting (XSS) vulnerability in validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action...
CVE-2016-7982
Directory traversal vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the varurl parameter in a validerxml action...
CVE-2016-7998
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a validerxml action...
CVE-2016-7981
Cross-site scripting (XSS) vulnerability in validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action...
CVE-2016-7998
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a validerxml action...