Vulnerabilities > Spip > Spip > 4.2.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-06 | CVE-2024-8517 | Unspecified vulnerability in Spip SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. | 9.8 |
| 2024-01-19 | CVE-2024-23659 | Cross-site Scripting vulnerability in Spip SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. | 6.1 |
| 2024-01-04 | CVE-2023-52322 | Cross-site Scripting vulnerability in Spip ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics. | 6.1 |