VYPR
Medium severity6.1NVD Advisory· Published Dec 17, 2016· Updated Jun 17, 2026

CVE-2016-9997

CVE-2016-9997

Description

SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the $id parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • Spip/Spip10 versions
    cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:alpha:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:rc:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.3:*:*:*:*:*:*:*
    • (no CPE)range: 3.1.x

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.