Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spip vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2006-0518
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and previous versions and 1.9 Alpha 2 (5539) and previous versions allows remote malicious users to inject arbitrary web script or HTML via the lang parameter.
Spip Spip
1 EDB exploit
445
VMScore
CVE-2006-0519
SPIP 1.8.2-e and previous versions and 1.9 Alpha 2 (5539) and previous versions allows remote malicious users to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.
Spip Spip
NA
CVE-2022-37155
RCE in SPIP 3.1.13 up to and including 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
Spip Spip
NA
CVE-2023-52322
ecrire/public/assembler.php in SPIP prior to 4.1.13 and 4.2.x prior to 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
Spip Spip
231
VMScore
CVE-2005-4494
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
Spip Spip 1.8.2
312
VMScore
CVE-2021-44118
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated malicious user to inject malicious code running on the client side into web pages visited b...
Spip Spip 4.0.0
312
VMScore
CVE-2021-44120
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes ...
Spip Spip 4.0.0
605
VMScore
CVE-2021-44122
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is ...
Spip Spip 4.0.0
578
VMScore
CVE-2021-44123
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.
Spip Spip 4.0.0
755
VMScore
CVE-2006-0626
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and previous versions allows remote malicious users to execute arbitrary SQL commands via the file parameter.
Spip Spip 1.8.2g
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »