Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spip spip vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-16392
SPIP prior to 3.1.11 and 3.2 prior to 3.2.5 allows prive/formulaires/login.php XSS via error messages.
Spip Spip
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
4.3
CVSSv2
CVE-2017-15736
Cross-site scripting (XSS) vulnerability (stored) in SPIP prior to 3.1.7 allows remote malicious users to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
Spip Spip
4.3
CVSSv2
CVE-2016-7981
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
Spip Spip
4.3
CVSSv2
CVE-2016-7999
ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
Spip Spip
4.3
CVSSv2
CVE-2016-9997
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
Spip Spip 3.1.0
Spip Spip 3.1.1
Spip Spip 3.1.2
Spip Spip 3.1.3
4.3
CVSSv2
CVE-2016-9998
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
Spip Spip 3.1.1
Spip Spip 3.1.2
Spip Spip 3.1.0
Spip Spip 3.1.3
4.3
CVSSv2
CVE-2016-9152
Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote malicious users to inject arbitrary web script or HTML via the rac parameter.
Spip Spip 3.1.3
4.3
CVSSv2
CVE-2013-7303
Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP prior to 2.1.25 and 3.0.x prior to 3.0.13 allow remote malicious users to inject arbitrary web script or HTML via the author name f...
Spip Spip 3.0.3
Spip Spip 3.0.4
Spip Spip 2.1.23
Spip Spip 2.1.22
Spip Spip 2.1.16
Spip Spip 2.1.15
Spip Spip 2.0.9
Spip Spip 2.0.8
Spip Spip 2.0.21
Spip Spip 2.0.20
Spip Spip 2.0.14
Spip Spip 2.0.13
Spip Spip 3.0.10
Spip Spip 3.0.11
Spip Spip 3.0.2
Spip Spip 3.0.9
Spip Spip
Spip Spip 2.1.18
Spip Spip 2.1.17
Spip Spip 2.1.1
Spip Spip 2.1
Spip Spip 2.0.3
4.3
CVSSv2
CVE-2013-4556
Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP prior to 2.1.24 and 3.0.x prior to 3.0.12 allows remote malicious users to inject arbitrary web script or HTML via the url_site parameter.
Spip Spip 3.0.3
Spip Spip 3.0.4
Spip Spip 2.1.21
Spip Spip 2.1.20
Spip Spip 2.1.14
Spip Spip 2.1.13
Spip Spip 2.0.7
Spip Spip 2.0.6
Spip Spip 2.0.19
Spip Spip 2.0.18
Spip Spip 2.0.11
Spip Spip 3.0.0
Spip Spip 3.0.7
Spip Spip 3.0.8
Spip Spip 2.1.18
Spip Spip 2.1.17
Spip Spip 2.1.10
Spip Spip 2.1.1
Spip Spip 2.0.3
Spip Spip 2.0.22
Spip Spip 2.0.15
Spip Spip 2.0.14
4.3
CVSSv2
CVE-2012-2151
Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x prior to 1.9.2.o, 2.0.x prior to 2.0.18, and 2.1.x prior to 2.1.13 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Spip Spip 1.9
Spip Spip 1.9.1
Spip Spip 1.9.2
Spip Spip 2.0
Spip Spip 2.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »