Vulnerabilities > Spip > Spip > 2.1.15
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-04-08 | CVE-2016-3154 | Code Injection vulnerability in Spip The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | 7.5 |
2016-04-08 | CVE-2016-3153 | Code Injection vulnerability in multiple products SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. | 7.5 |
2014-01-30 | CVE-2013-7303 | Cross-Site Scripting vulnerability in Spip Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field. | 4.3 |
2013-11-18 | CVE-2013-4556 | Cross-Site Scripting vulnerability in Spip Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter. | 4.3 |
2013-11-18 | CVE-2013-4555 | Cross-Site Request Forgery (CSRF) vulnerability in Spip Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors. | 6.8 |
2013-07-09 | CVE-2013-2118 | Unspecified vulnerability in Spip SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php. | 7.5 |