Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
spip vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2016-7980
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE:...
Spip
1 EDB exploit available
4.3
CVSSv2
CVE-2017-15736
Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php....
Spip
6.5
CVSSv2
CVE-2016-7998
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action....
Spip
1 EDB exploit available
4.3
CVSSv2
CVE-2006-0518
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter....
Spip
1 EDB exploit available
4
CVSSv2
CVE-2019-16391
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php....
Spip
4.3
CVSSv2
CVE-2012-2151
Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors....
Spip
5
CVSSv2
CVE-2019-16394
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers....
Spip
1 Github repository available
7.5
CVSSv2
CVE-2013-2118
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php....
Spip
1 EDB exploit available
7.5
CVSSv2
CVE-2007-4525
** DISPUTED ** PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party...
Spip
7.5
CVSSv2
CVE-2008-5813
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information....
Spip
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-2034
SSTI
mods-for-hesk
phplist
mods for hesk
CVE-2020-15092
CVE-2020-8195
open redirect
CVE-2018-12371
overflow
CVE-2012-6489
CVE-2013-0802
« PREV
1
2
3
4
NEXT »
Vulmon