VYPR

Spip

by Spip

Source repositories

CVEs (78)

  • CVE-2020-28984Nov 23, 2020
    risk 0.00cvss epss 0.02

    prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.

  • CVE-2019-19830Dec 17, 2019
    risk 0.00cvss epss 0.01

    _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.

  • CVE-2019-16391Sep 17, 2019
    risk 0.00cvss epss 0.01

    SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.

  • CVE-2019-16392Sep 17, 2019
    risk 0.00cvss epss 0.01

    SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.

  • CVE-2019-16393Sep 17, 2019
    risk 0.00cvss epss 0.01

    SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.

  • CVE-2019-11071Apr 10, 2019
    risk 0.00cvss epss 0.03

    SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.

  • CVE-2013-7303Jan 30, 2014
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.

  • CVE-2013-4556Nov 18, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.

  • CVE-2013-4555Nov 18, 2013
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors.

  • CVE-2012-4331Aug 14, 2012
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.

  • CVE-2012-2151Aug 14, 2012
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-5813Jan 2, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5812Jan 2, 2009
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.

  • CVE-2007-4525Aug 25, 2007
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers,…

  • CVE-2006-1295Mar 19, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.

  • CVE-2006-0519Feb 2, 2006
    risk 0.00cvss epss 0.02

    SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.

  • CVE-2006-0517Feb 2, 2006
    risk 0.00cvss epss 0.03

    Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3;…

  • CVE-2005-4494Dec 22, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.

Page 4 of 4