Vulnerabilities > Spip > Spip > 3.0.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-08 | CVE-2016-3154 | Code Injection vulnerability in Spip The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | 7.5 |
| 2016-04-08 | CVE-2016-3153 | Code Injection vulnerability in multiple products SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. | 7.5 |
| 2014-01-30 | CVE-2013-7303 | Cross-Site Scripting vulnerability in Spip Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field. | 4.3 |
| 2013-11-18 | CVE-2013-4557 | Code Injection vulnerability in Spip The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter. | 7.5 |
| 2013-11-18 | CVE-2013-4556 | Cross-Site Scripting vulnerability in Spip Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter. | 4.3 |