Vulnerabilities > Spip

DATE CVE VULNERABILITY TITLE RISK
2024-01-19 CVE-2024-23659 Cross-site Scripting vulnerability in Spip
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file.
network
low complexity
spip CWE-79
6.1
2024-01-04 CVE-2023-52322 Cross-site Scripting vulnerability in Spip
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.
network
low complexity
spip CWE-79
6.1
2023-02-28 CVE-2023-27372 SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled.
network
low complexity
spip debian
critical
9.8
2023-02-27 CVE-2023-24258 SQL Injection vulnerability in Spip
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter.
network
low complexity
spip CWE-89
critical
9.8
2022-12-14 CVE-2022-37155 Unspecified vulnerability in Spip
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.
network
low complexity
spip
8.8
2022-05-19 CVE-2022-28959 Cross-site Scripting vulnerability in Spip
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.
network
spip CWE-79
4.3
2022-05-19 CVE-2022-28960 Improper Encoding or Escaping of Output vulnerability in Spip
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
network
low complexity
spip CWE-116
8.8
2022-05-19 CVE-2022-28961 SQL Injection vulnerability in Spip
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
network
low complexity
spip CWE-89
6.5
2022-03-10 CVE-2022-26846 SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
network
low complexity
spip debian
6.5
2022-03-10 CVE-2022-26847 Information Exposure vulnerability in multiple products
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
network
low complexity
spip debian CWE-200
5.0