Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5482-2
HistoryMar 02, 2023 - 12:00 a.m.

SPIP vulnerabilities

2023-03-0200:00:00
ubuntu.com
35

8.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.9%

JSON

Releases

  • Ubuntu 20.04 LTS

Packages

  • spip - website engine for publishing

Details

USN-5482-1 fixed several vulnerabilities in SPIP. This update provides
the corresponding updates for Ubuntu 20.04 LTS for CVE-2021-44118,
CVE-2021-44120, CVE-2021-44122 and CVE-2021-44123.

Original advisory details:

It was discovered that SPIP incorrectly validated inputs. An authenticated
attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28984)

Charles Fol and ThΓ©o Gordyjan discovered that SPIP is vulnerable to Cross
Site Scripting (XSS). If a user were tricked into browsing a malicious SVG
file, an attacker could possibly exploit this issue to execute arbitrary
code. This issue was only fixed in Ubuntu 21.10. (CVE-2021-44118,
CVE-2021-44120, CVE-2021-44122, CVE-2021-44123)

It was discovered that SPIP incorrectly handled certain forms. A remote
authenticated editor could possibly use this issue to execute arbitrary code,
and a remote unauthenticated attacker could possibly use this issue to obtain
sensitive information. (CVE-2022-26846, CVE-2022-26847)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchspip<Β 3.2.7-1ubuntu0.1UNKNOWN

Related

nessus 5
openvas 10
osv 15
ubuntu 1
debian 4
cvelist 7
prion 7
cnvd 5
debiancve 7
veracode 7
cve 7
ubuntucve 7
nessus
nessus
Ubuntu 18.04 LTS : SPIP vulnerabilities (USN-5482-1)
2022-06-17 00:00:00
Ubuntu 20.04 LTS : SPIP vulnerabilities (USN-5482-2)
2023-03-02 00:00:00
Debian DLA-2949-1 : spip - LTS security update
2022-03-15 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5482-2)
2023-03-03 00:00:00
Ubuntu: Security Advisory (USN-5482-1)
2022-06-17 00:00:00
Debian: Security Advisory (DLA-2867-1)
2021-12-30 00:00:00
osv
osv
spip vulnerabilities
2023-03-02 10:15:19
spip vulnerabilities
2022-06-16 16:22:11
spip - security update
2021-12-29 00:00:00
ubuntu
ubuntu
SPIP vulnerabilities
2022-06-16 00:00:00
debian
debian
[SECURITY] [DLA 2949-1] spip security update
2022-03-15 10:55:38
[SECURITY] [DSA 4798-1] spip security update
2020-11-25 07:56:28
[SECURITY] [DLA 2505-1] spip security update
2020-12-23 18:06:21
cvelist
cvelist
CVE-2021-44122
2022-01-26 11:47:55
CVE-2020-28984
2020-11-23 21:48:53
CVE-2021-44123
2022-01-26 11:57:30
prion
prion
Cross site scripting
2022-01-26 12:15:00
Code injection
2020-11-23 22:15:00
Design/Logic Flaw
2022-01-26 12:15:00
cnvd
cnvd
SPIP Cross-site Request Forgery Vulnerability (CNVD-2022-08190)
2022-01-28 00:00:00
SPIP parameter improper validation vulnerability
2020-11-24 00:00:00
SPIP SVG Cross-Site Scripting Vulnerability
2022-01-28 00:00:00
debiancve
debiancve
CVE-2021-44123
2022-01-26 12:15:00
CVE-2021-44118
2022-01-26 12:15:00
CVE-2020-28984
2020-11-23 22:15:00
veracode
veracode
Remote Code Execution (RCE)
2022-02-07 22:32:43
Improper Validation
2020-12-06 03:49:31
Cross-site Scripting (XSS)
2022-02-07 22:33:22
cve
cve
CVE-2020-28984
2020-11-23 22:15:00
CVE-2021-44120
2022-01-26 12:15:00
CVE-2021-44122
2022-01-26 12:15:00
ubuntucve
ubuntucve
CVE-2020-28984
2020-11-23 00:00:00
CVE-2021-44122
2022-01-26 00:00:00
CVE-2021-44120
2022-01-26 00:00:00

8.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.9%

JSON
Related for USN-5482-2
nessus5openvas10osv15ubuntu1debian4cvelist7prion7cnvd5debiancve7veracode7cve7ubuntucve7