Spip@3.0.4 Security Vulnerabilities and Issues — Spip@3.0.4 CVE List

Lucene search

SpipSpip3.0.4

6 matches found

CVE•added 2013/07/09 5:55 p.m.•60 views

CVE-2013-2118

SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.

7.5CVSS6.8AI score0.09378EPSS

CVE•added 2016/04/08 2:59 p.m.•60 views

CVE-2016-3153

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.

9.8CVSS9.7AI score0.01236EPSS

CVE•added 2014/01/30 9:55 p.m.•59 views

CVE-2013-7303

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.

4.3CVSS5.9AI score0.00557EPSS

CVE•added 2016/04/08 2:59 p.m.•56 views

CVE-2016-3154

The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.

9.8CVSS9.6AI score0.01236EPSS

CVE•added 2013/11/18 2:55 a.m.•51 views

CVE-2013-4557

The Security Screen (core /securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.

7.5CVSS7.5AI score0.0193EPSS

CVE•added 2013/11/18 2:55 a.m.•43 views

CVE-2013-4556

Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.

4.3CVSS5.7AI score0.00431EPSS