CVE-2021-44120

2022-01-2600:00:00

ubuntu.com

0.001 Low

EPSS

Percentile

22.4%

JSON

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in
ecrire/public/interfaces.php, adding the function safehtml to the
vulnerable fields. An editor is able to modify his personal information. If
the editor has an article written and available, when a user goes to the
public site and wants to read the author’s information, the malicious code
will be executed. The “Who are you” and “Website Name” fields are
vulnerable.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchspip< 3.1.4-4~deb9u5build0.18.04.1UNKNOWN
ubuntu20.04noarchspip< 3.2.7-1ubuntu0.1UNKNOWN
ubuntu21.10noarchspip< 3.2.11-3+deb11u3build0.21.10.1UNKNOWN
ubuntu16.04noarchspip< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	spip	< 3.1.4-4~deb9u5build0.18.04.1	UNKNOWN
ubuntu	20.04	noarch	spip	< 3.2.7-1ubuntu0.1	UNKNOWN
ubuntu	21.10	noarch	spip	< 3.2.11-3+deb11u3build0.21.10.1	UNKNOWN
ubuntu	16.04	noarch	spip	< any	UNKNOWN