Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spip vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-44120
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes ...
Spip Spip 4.0.0
605
VMScore
CVE-2021-44122
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is ...
Spip Spip 4.0.0
231
VMScore
CVE-2005-4494
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
Spip Spip 1.8.2
578
VMScore
CVE-2019-11071
SPIP 3.1 prior to 3.1.10 and 3.2 prior to 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
Spip Spip
Debian Debian Linux 9.0
668
VMScore
CVE-2020-28984
prive/formulaires/configurer_preferences.php in SPIP prior to 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
Spip Spip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
356
VMScore
CVE-2019-19830
_core_/plugins/medias in SPIP 3.2.x prior to 3.2.7 allows remote authenticated authors to inject content into the database.
Spip Spip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
445
VMScore
CVE-2022-26847
SPIP prior to 3.2.14 and 4.x prior to 4.0.5 allows unauthenticated access to information about editorial objects.
Spip Spip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
578
VMScore
CVE-2022-26846
SPIP prior to 3.2.14 and 4.x prior to 4.0.5 allows remote authenticated editors to execute arbitrary code.
Spip Spip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
356
VMScore
CVE-2019-16391
SPIP prior to 3.1.11 and 3.2 prior to 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
Spip Spip
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
383
VMScore
CVE-2019-16392
SPIP prior to 3.1.11 and 3.2 prior to 3.2.5 allows prive/formulaires/login.php XSS via error messages.
Spip Spip
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »