Published: 23/11/2020 Updated: 23/12/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

prive/formulaires/configurer_preferences.php in SPIP prior to 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.

Vulnerable Product

spip spip

debian debian linux 10.0

Vendor Advisories

It was discovered that SPIP, a website engine for publishing, did not correctly validate its input. This would allow authenticated users to execute arbitrary code. For the stable distribution (buster), this problem has been fixed in version 324-1+deb10u3. We recommend that you upgrade your spip packages. For the detailed security status of spip p ...