CVE-2021-44122

Published: 26/01/2022 Updated: 02/02/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

SPIP 4.0.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website that redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated malicious user to execute malicious code on the website without the knowledge of the user (CSRF).

Vulnerable Product

spip spip 4.0.0

Vendor Advisories

Several security issues were fixed in SPIP ...