Lucene search
+L

9 matches found

nuclei
nuclei
added 9 hours ago160 views

SPIP <3.1.2 - Cross-Site Scripting

SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in validerxml.php which allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action. id: CVE-2016-7981 info: name: SPIP 3.1.2 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.8AI score0.08216EPSS
Exploits2References5
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2016-8847

Malware in sbrugna...

7.4CVSS7.5AI score0.02299EPSS
Exploits2References11
prion
prion
added 2017/01/18 5:59 p.m.8 views

Deserialization of untrusted data

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...

6.5CVSS8.5AI score0.13649EPSS
Exploits7References8Affected Software1
prion
prion
added 2017/01/18 5:59 p.m.8 views

Directory traversal

Directory traversal vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the varurl parameter in a validerxml action...

5CVSS7AI score0.20515EPSS
Exploits4References6Affected Software1
ubuntucve
ubuntucve
added 2017/01/18 5:59 p.m.27 views

CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...

8.8CVSS7.5AI score0.13649EPSS
Exploits7References2
osv
osv
added 2017/01/18 5:59 p.m.2 views

UBUNTU-CVE-2016-7982

Directory traversal vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the varurl parameter in a validerxml action...

7.5CVSS7.2AI score0.20515EPSS
Exploits4References5
cvelist
cvelist
added 2017/01/18 5:0 p.m.34 views

CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...

8.6AI score0.13649EPSS
Exploits7References8
debiancve
debiancve
added 2017/01/18 5:0 p.m.66 views

CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...

8.8CVSS8.7AI score0.13649EPSS
Exploits7
debiancve
debiancve
added 2017/01/18 5:0 p.m.46 views

CVE-2016-7982

Directory traversal vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the varurl parameter in a validerxml action...

7.5CVSS7.6AI score0.20515EPSS
Exploits4
Rows per page
Query Builder