spip vulnerabilities and exploits
4.3
CVSSv2
CVE-2006-0518
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and previous versions and 1.9 Alpha 2 (5539) and previous versions allows remote malicious users to inject arbitrary web script or HTML via the lang parameter.
Spip Spip
1 EDB exploit
NA
CVE-2023-24258
SPIP v4.1.5 and previous versions contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows malicious users to execute arbitrary code via a crafted POST request.
Spip Spip
4.3
CVSSv2
CVE-2017-15736
Cross-site scripting (XSS) vulnerability (stored) in SPIP prior to 3.1.7 allows remote malicious users to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
Spip Spip
NA
CVE-2024-23659
SPIP prior to 4.1.14 and 4.2.x prior to 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
Spip Spip
NA
CVE-2023-52322
ecrire/public/assembler.php in SPIP prior to 4.1.13 and 4.2.x prior to 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
Spip Spip
4.3
CVSSv2
CVE-2022-28959
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allow malicious users to execute arbitrary web scripts or HTML.
Spip Spip
6.5
CVSSv2
CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows malicious users to execute arbitrary PHP code via the _oups parameter at /ecrire.
Spip Spip
6.5
CVSSv2
CVE-2022-28961
Spip Web Framework v3.1.13 and below contains multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
Spip Spip
6.8
CVSSv2
CVE-2016-7980
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml re...
Spip Spip
1 EDB exploit
5
CVSSv2
CVE-2016-7982
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to enumerate the files on the system via the var_url parameter in a valider_xml action.
Spip Spip
1 EDB exploit