Spip · Spip · CVE-2019-16392
**Name of the Vulnerable Software and Affected Versions**
SPIP versions prior to 3.1.11
SPIP versions 3.2 prior to 3.2.5
**Description**
The issue is related to the lack of protection of the web page structure in the SPIP content management system. This can be exploited by a remote attacker to compromise data integrity. The problem allows for XSS via error messages in prive/formulaires/login.php.
**Recommendations**
For SPIP versions prior to 3.1.11, update to version 3.1.11 or later.
For SPIP versions 3.2 prior to 3.2.5, update to version 3.2.5 or later.