SPIP <3.1.2 - Cross-Site Scripting

SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in validerxml.php which allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action. id: CVE-2016-7981 info: name: SPIP 3.1.2 - Cross-Site Scripting author: pikpikcu severity:...

EUVD-2016-8847

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-7981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the varurl...

CVE-2016-7981

Cross-site scripting XSS vulnerability in validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action...

DEBIAN-CVE-2016-7981

Cross-site scripting XSS vulnerability in validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action...

UBUNTU-CVE-2016-7981

Cross-site scripting XSS vulnerability in validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action...

DEBIAN-CVE-2016-7982

Directory traversal vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the varurl parameter in a validerxml action...