Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spip vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-15736
Cross-site scripting (XSS) vulnerability (stored) in SPIP prior to 3.1.7 allows remote malicious users to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
Spip Spip
4.3
CVSSv2
CVE-2016-7981
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
Spip Spip
5
CVSSv2
CVE-2016-7982
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to enumerate the files on the system via the var_url parameter in a valider_xml action.
Spip Spip
1 EDB exploit
4.3
CVSSv2
CVE-2016-7999
ecrire/exec/valider_xml.php in SPIP 3.1.2 and previous versions allows remote malicious users to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
Spip Spip
7.5
CVSSv2
CVE-2006-1702
PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote malicious users to execute arbitrary PHP code via a URL in the url parameter.
Spip Spip 1.8.3
1 EDB exploit
7.5
CVSSv2
CVE-2007-4525
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote malicious users to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, s...
Spip Spip 1.7.2
7.5
CVSSv2
CVE-2006-0626
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and previous versions allows remote malicious users to execute arbitrary SQL commands via the file parameter.
Spip Spip 1.8.2g
1 EDB exploit
2.6
CVSSv2
CVE-2005-4494
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
Spip Spip 1.8.2
4.3
CVSSv2
CVE-2016-9152
Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote malicious users to inject arbitrary web script or HTML via the rac parameter.
Spip Spip 3.1.3
3.5
CVSSv2
CVE-2021-44118
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated malicious user to inject malicious code running on the client side into web pages visited b...
Spip Spip 4.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »