0.001 Low
EPSS
Percentile
47.5%
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the $plugin parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
$plugin
core.spip.net/projects/spip/repository/revisions/23288
launchpad.net/bugs/cve/CVE-2016-9998
nvd.nist.gov/vuln/detail/CVE-2016-9998
security-tracker.debian.org/tracker/CVE-2016-9998
www.cve.org/CVERecord?id=CVE-2016-9998