PT-2024-35795 · Spip · Spip
Published: 2024-11-26 · Updated: 2025-07-03 · CVE-2024-53620
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SPIP version 4.3.3
Description
A cross-site scripting (XSS) issue in the Article module of SPIP allows authenticated attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title parameter.
Recommendations
For SPIP version 4.3.3, patch immediately and validate user input to prevent exploitation. As a temporary workaround, consider restricting access to the Article module until a patch is applied. Avoid using the Title parameter in the affected module until the issue is resolved.
Exploit
Fix
XSS
Affected Products
Spip