Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote malicious users to inject arbitrary web script or HTML via the rac parameter.
Debian Bug report logs -
#848641
spip: CVE-2016-9997 CVE-2016-9998
Package:
src:spip;
Maintainer for src:spip is David Prévot <taffit@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 19 Dec 2016 05:39:01 UTC
Severity: important
Tags: patch, security, upstream
Found in version spip/313 ...
Debian Bug report logs -
#847156
spip: CVE-2016-9152
Package:
src:spip;
Maintainer for src:spip is David Prévot <taffit@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 6 Dec 2016 06:15:01 UTC
Severity: important
Tags: patch, security, upstream
Found in version spip/313-1
Fixed in ve ...
Vulmon