Vulnerabilities > Spip

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-10	CVE-2022-26847	Information Exposure vulnerability in multiple products SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. network low complexity spip debian CWE-200	5.3
2022-01-26	CVE-2021-44118	Cross-site Scripting vulnerability in Spip 4.0.0 SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. network low complexity spip CWE-79	5.4
2022-01-26	CVE-2021-44120	Cross-site Scripting vulnerability in Spip 4.0.0 SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. network low complexity spip CWE-79	5.4
2022-01-26	CVE-2021-44122	Cross-Site Request Forgery (CSRF) vulnerability in Spip 4.0.0 SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. network low complexity spip CWE-352	8.8
2022-01-26	CVE-2021-44123	Unrestricted Upload of File with Dangerous Type vulnerability in Spip 4.0.0 SPIP 4.0.0 is affected by a remote command execution vulnerability. network low complexity spip CWE-434	8.8
2020-11-23	CVE-2020-28984	prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. network low complexity spip debian critical	9.8
2019-12-17	CVE-2019-19830	_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. network low complexity spip debian canonical	6.5
2019-09-17	CVE-2019-16394	Information Exposure Through Discrepancy vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. network low complexity spip debian canonical CWE-203	5.3
2019-09-17	CVE-2019-16393	Open Redirect vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. network low complexity spip debian canonical CWE-601	6.1
2019-09-17	CVE-2019-16392	Cross-site Scripting vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. network low complexity spip debian canonical CWE-79	6.1

Vulnerabilities > Spip {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Spip"}]}

Vulnerabilities > Spip