383
VMScore

CVE-2013-7303

Published: 30/01/2014 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP prior to 2.1.25 and 3.0.x prior to 3.0.13 allow remote malicious users to inject arbitrary web script or HTML via the author name field.

Vulnerable Product Search on Vulmon Subscribe to Product

spip spip 2.0.1

spip spip 2.0.2

spip spip 2.0.3

spip spip 2.0.4

spip spip 2.0.5

spip spip 2.0.6

spip spip 2.0.7

spip spip 2.0.8

spip spip 2.0.9

spip spip 2.0.10

spip spip 2.0.11

spip spip 2.0.12

spip spip 2.0.13

spip spip 2.0.14

spip spip 2.0.15

spip spip 2.0.16

spip spip 2.0.17

spip spip 2.0.18

spip spip 2.0.19

spip spip 2.0.20

spip spip 2.0.21

spip spip 2.0.22

spip spip 2.1

spip spip 2.1.1

spip spip 2.1.2

spip spip 2.1.10

spip spip 2.1.11

spip spip 2.1.12

spip spip 2.1.13

spip spip 2.1.14

spip spip 2.1.15

spip spip 2.1.16

spip spip 2.1.17

spip spip 2.1.18

spip spip 2.1.19

spip spip 2.1.20

spip spip 2.1.21

spip spip 2.1.22

spip spip 2.1.23

spip spip

spip spip 3.0.0

spip spip 3.0.1

spip spip 3.0.2

spip spip 3.0.3

spip spip 3.0.4

spip spip 3.0.5

spip spip 3.0.6

spip spip 3.0.7

spip spip 3.0.8

spip spip 3.0.9

spip spip 3.0.10

spip spip 3.0.11

Vendor Advisories

Debian Bug report logs - #736170 CVE-2013-7303: XSS on author Package: spip; Maintainer for spip is David Prévot <taffit@debianorg>; Source for spip is src:spip (PTS, buildd, popcon) Reported by: David Prévot <taffit@debianorg> Date: Mon, 20 Jan 2014 17:39:01 UTC Severity: important Tags: patch, security, upstre ...