Published: 22/10/2017 Updated: 28/09/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability (stored) in SPIP prior to 3.1.7 allows remote malicious users to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
spip spip

Debian Bug report logs - #879954 spip: CVE-2017-15736 Package: src:spip; Maintainer for src:spip is David Prévot <taffit@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 27 Oct 2017 15:27:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in version spip/3 ...

Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection For the oldstable distribution (jessie), this problem has been fixed in version 3017-2+deb8u4 For the stable distribution (stretch), this problem has been fixed in version 314-4~deb9u1 We recommend that you upgrade ...

CWE-79 https://core.spip.net/projects/spip/repository/revisions/23701 https://www.debian.org/security/2018/dsa-4228 https://usn.ubuntu.com/4536-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879954 https://nvd.nist.gov https://www.debian.org/security/./dsa-4228

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-15736

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect