Search CVE reports


1 – 10 of 48 results


CVE-2024-53620

Medium priority
Needs evaluation

A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.

1 affected package

spip

Package   24.04 LTS          22.04 LTS          20.04 LTS          18.04 LTS          16.04 LTS
spip      Needs evaluation   Needs evaluation   Needs evaluation   Needs evaluation   Needs evaluation

CVE-2024-53619

Medium priority
Needs evaluation

An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.

1 affected package

spip

Package   24.04 LTS          22.04 LTS          20.04 LTS          18.04 LTS          16.04 LTS
spip      Needs evaluation   Needs evaluation   Needs evaluation   Needs evaluation   Needs evaluation

CVE-2024-8517

Medium priority

Some fixes available 3 of 6

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.

1 affected package

spip

Package   24.04 LTS    22.04 LTS    20.04 LTS    18.04 LTS    16.04 LTS
spip      Vulnerable   Vulnerable   Fixed        Fixed        Vulnerable

CVE-2024-7954

Medium priority
Vulnerable

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a...

1 affected package

spip

Package   24.04 LTS    22.04 LTS    20.04 LTS    18.04 LTS    16.04 LTS
spip      Vulnerable   Vulnerable   Vulnerable   Vulnerable   Vulnerable

CVE-2024-23659

Medium priority
Needs evaluation

SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.

1 affected package

spip

Package   24.04 LTS      22.04 LTS          20.04 LTS          18.04 LTS          16.04 LTS
spip      Not affected   Needs evaluation   Needs evaluation   Needs evaluation   Needs evaluation

CVE-2023-52322

Medium priority
Needs evaluation

ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.

1 affected package

spip

Package   24.04 LTS      22.04 LTS          20.04 LTS          18.04 LTS          16.04 LTS
spip      Not affected   Needs evaluation   Needs evaluation   Needs evaluation   Needs evaluation

CVE-2023-27372

Medium priority

Some fixes available 2 of 7

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

1 affected package

spip

Package   24.04 LTS      22.04 LTS    20.04 LTS    18.04 LTS    16.04 LTS
spip      Not affected   Vulnerable   Fixed        Fixed        Vulnerable

CVE-2023-24258

Medium priority

Some fixes available 2 of 7

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.

1 affected package

spip

Package   24.04 LTS      22.04 LTS    20.04 LTS    18.04 LTS    16.04 LTS
spip      Not affected   Vulnerable   Fixed        Fixed        Vulnerable

CVE-2022-37155

Medium priority

Some fixes available 1 of 6

RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.

1 affected package

spip

Package   24.04 LTS      22.04 LTS    20.04 LTS      18.04 LTS    16.04 LTS
spip      Not affected   Vulnerable   Not affected   Fixed        Vulnerable

CVE-2022-28961

Medium priority

Some fixes available 1 of 6

Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.

1 affected package

spip

Package   24.04 LTS      22.04 LTS      20.04 LTS      18.04 LTS    16.04 LTS
spip      Not affected   Not affected   Not affected   Fixed        Vulnerable