Published: 22/10/2017 Updated: 28/09/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability (stored) in SPIP prior to 3.1.7 allows remote malicious users to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.

Vulnerable Product Search on Vulmon Subscribe to Product

spip spip

Vendor Advisories

Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection For the oldstable distribution (jessie), this problem has been fixed in version 3017-2+deb8u4 For the stable distribution (stretch), this problem has been fixed in version 314-4~deb9u1 We recommend that you upgrade ...
Debian Bug report logs - #879954 spip: CVE-2017-15736 Package: src:spip; Maintainer for src:spip is David Prévot <taffit@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 27 Oct 2017 15:27:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in version spip/3 ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4228-1 security () debian org wwwdebianorg/security/ Sebastien Delafond June 14, 2018 wwwdebianorg/security/faq ...