VYPR
Unrated severityNVD Advisory· Published Jan 26, 2022· Updated Aug 4, 2024

CVE-2021-44120

CVE-2021-44120

Description

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The "Who are you" and "Website Name" fields are vulnerable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Spip/Spipcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 4.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.