Vulnerabilities > Spip > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-19 | CVE-2024-23659 | Cross-site Scripting vulnerability in Spip SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. | 6.1 |
| 2024-01-04 | CVE-2023-52322 | Cross-site Scripting vulnerability in Spip ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics. | 6.1 |
| 2022-05-19 | CVE-2022-28959 | Cross-site Scripting vulnerability in Spip Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML. | 4.3 |
| 2022-05-19 | CVE-2022-28961 | SQL Injection vulnerability in Spip Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. | 6.5 |
| 2022-03-10 | CVE-2022-26846 | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | 6.5 |
| 2022-03-10 | CVE-2022-26847 | Information Exposure vulnerability in multiple products SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. | 5.0 |
| 2022-01-26 | CVE-2021-44122 | Cross-Site Request Forgery (CSRF) vulnerability in Spip 4.0.0 SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. | 6.8 |
| 2022-01-26 | CVE-2021-44123 | Unrestricted Upload of File with Dangerous Type vulnerability in Spip 4.0.0 SPIP 4.0.0 is affected by a remote command execution vulnerability. | 6.5 |
| 2019-12-17 | CVE-2019-19830 | _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. | 4.0 |
| 2019-09-17 | CVE-2019-16394 | Information Exposure Through Discrepancy vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. | 5.0 |