Lucene search
Veracode Vulnerability DatabaseVERACODE:34035HistoryFeb 07, 2022 - 10:32 p.m.
Cross Site Scripting (XSS)
2022-02-0722:32:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
spip 4.0.0
cross site scripting
vulnerability
editor
personal information
public site
malicious code
EPSS
0.001
Percentile
22.7%
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author’s information, the malicious code will be executed. The “Who are you” and “Website Name” fields are vulnerable.
Related
prion
prion
Cross site scripting
2022-01-26 12:15:00
ubuntucve
ubuntucve
CVE-2021-44120
2022-01-26 00:00:00
cvelist
cvelist
CVE-2021-44120
2022-01-26 11:26:27
cve
cve
CVE-2021-44120
2022-01-26 12:15:07
nvd
nvd
CVE-2021-44120
2022-01-26 12:15:07
osv
osv
CVE-2021-44120
2022-01-26 12:15:07
spip - security update
2021-12-22 00:00:00
spip - security update
2021-12-29 00:00:00
debiancve
debiancve
CVE-2021-44120
2022-01-26 12:15:07
cnvd
cnvd
SPIP interfaces.php cross-site scripting vulnerability
2022-01-28 00:00:00
nessus
nessus
Ubuntu 20.04 LTS : SPIP vulnerabilities (USN-5482-2)
2023-03-02 00:00:00
Ubuntu 18.04 LTS : SPIP vulnerabilities (USN-5482-1)
2022-06-17 00:00:00
openvas
openvas
SPIP < 3.2.12, 4.x < 4.0.1 Multiple Vulnerabilities
2022-01-27 00:00:00
Debian: Security Advisory (DSA-5028-1)
2021-12-23 00:00:00
Debian: Security Advisory (DLA-2867-1)
2021-12-30 00:00:00
ubuntu
ubuntu
SPIP vulnerabilities
2023-03-02 00:00:00
SPIP vulnerabilities
2022-06-16 00:00:00