Spip · Spip · CVE-2016-9152
**Name of the Vulnerable Software and Affected Versions**
SPIP version 3.1.3
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `rac` parameter in the `/ecrire/exec/plonger.php` endpoint.
**Recommendations**
If you run SPIP version 3.1.3, update to a version that fixes this issue to prevent exploitation.
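
A detection check for the issue described above, as an added example that is not part of the original advisory: it scans web access log lines for requests to the endpoint whose `rac` value decodes to HTML metacharacters, including double-encoded values. The combined log format, the `ecrire/?exec=plonger` dispatcher URL form, the sample log lines and all function names are assumptions or constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to break out of an HTML text or attribute context.
HTML_META = re.compile(r'[<>"\'`]')

SAMPLE_LOG = [  # constructed lines, not real traffic
    '203.0.113.5 - - [01/Jan/2017:10:00:00 +0000] "GET /ecrire/exec/plonger.php?rac=rubrique12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2017:10:00:05 +0000] "GET /ecrire/exec/plonger.php?rac=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2017:10:00:09 +0000] "GET /ecrire/?exec=plonger&rac=%253Cb%253Ex HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2017:10:00:12 +0000] "GET /spip.php?page=x&rac=%3Cb%3E HTTP/1.1" 200 512',
]

def targets_plonger(parts, query):
    # Path named in the advisory, or the ?exec=plonger form (assumed deployment detail).
    path = parts.path.lower()
    if path.endswith("/ecrire/exec/plonger.php"):
        return True
    return path.rstrip("/").endswith("/ecrire") and "plonger" in query.get("exec", [])

def fully_decode(value, rounds=3):
    # Undo repeated percent-encoding so double-encoded markup is still seen.
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_rac(line):
    # Return the decoded rac value if it carries HTML metacharacters, else None.
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    query = parse_qs(parts.query, keep_blank_values=True)
    if not targets_plonger(parts, query):
        return None
    for raw in query.get("rac", []):
        value = fully_decode(raw)
        if HTML_META.search(value):
            return value
    return None

def scan(lines):
    hits = ((i, suspicious_rac(line)) for i, line in enumerate(lines))
    return [(i, v) for i, v in hits if v]
```

Access logs record only the query string, so `rac` values sent in a POST body are not visible to this check.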