VYPR
Medium severity6.1NVD Advisory· Published Dec 17, 2016· Updated Jun 17, 2026

CVE-2016-9998

CVE-2016-9998

Description

SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the $plugin parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • Spip/Spip10 versions
    cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:spip:spip:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:alpha:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:rc:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:spip:spip:3.1.3:*:*:*:*:*:*:*
    • (no CPE)range: 3.1.x

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.