PT-2024-14522 · Spip · Spip
Hatim Chabik · Published 2024-01-04 · Updated 2024-03-15 · CVE-2023-52322
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SPIP versions 4.1.3 and earlier
SPIP versions 4.2.x through 4.2.6
Description
The issue arises from the ecrire/public/assembler.php file in SPIP, where input from request() is not restricted to safe characters, such as alphanumerics, allowing for XSS attacks.
Recommendations
For SPIP versions 4.1.3 and earlier, update to version 4.1.13 or later.
For SPIP versions 4.2.x through 4.2.6, update to version 4.2.7 or later.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Spip