Vulnerabilities > Spip > Spip > 4.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-19 | CVE-2024-23659 | Cross-site Scripting vulnerability in Spip SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. | 6.1 |
2024-01-04 | CVE-2023-52322 | Cross-site Scripting vulnerability in Spip ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics. | 6.1 |
2023-02-28 | CVE-2023-27372 | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. | 9.8 |
2023-02-27 | CVE-2023-24258 | SQL Injection vulnerability in Spip SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. | 9.8 |
2022-12-14 | CVE-2022-37155 | Unspecified vulnerability in Spip RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter. | 8.8 |
2022-03-10 | CVE-2022-26846 | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | 6.5 |
2022-03-10 | CVE-2022-26847 | Information Exposure vulnerability in multiple products SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. | 5.0 |
2022-01-26 | CVE-2021-44118 | Cross-site Scripting vulnerability in Spip 4.0.0 SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. | 3.5 |
2022-01-26 | CVE-2021-44120 | Cross-site Scripting vulnerability in Spip 4.0.0 SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. | 3.5 |
2022-01-26 | CVE-2021-44122 | Cross-Site Request Forgery (CSRF) vulnerability in Spip 4.0.0 SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. | 6.8 |