PT-2025-51748 · Spip+1

Nu11Secur1Ty · Published 2025-12-16 · Updated 2025-12-16 · CVE-2023-53900

CVSS v3.1: 8.8 (High) · Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Spip version 4.1.10

Description: Spip 4.1.10 is affected by a file upload issue: uploaded files, specifically SVG files, are insufficiently filtered, so an attacker can upload a malicious SVG that contains external links. An attacker can then trick an administrator into clicking a crafted SVG logo, redirecting them to a dangerous URL.

Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict file uploads to trusted file types only. Implement stricter file upload validation to prevent the upload of SVG files with embedded external links.
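One way to implement the stricter upload validation recommended above, as an added illustrative example that is not Spip's own code: a Python check that parses an uploaded SVG and rejects it if it contains linking or scripting elements, event-handler attributes, or any href that is not a fragment reference. The element list, the policy and the sample inputs are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# Elements that have no place in a logo image: they execute code, embed
# arbitrary HTML, or turn the image into a clickable link (hypothetical policy).
FORBIDDEN_ELEMENTS = {"script", "a", "foreignObject", "iframe", "embed"}

# Constructed sample inputs: a self-contained logo, one wrapped in an external
# link, and one carrying an event-handler attribute.
CLEAN_LOGO = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
              b'<defs><circle id="d" r="4"/></defs><use href="#d"/></svg>')
LINKED_LOGO = (b'<svg xmlns="http://www.w3.org/2000/svg" '
               b'xmlns:xlink="http://www.w3.org/1999/xlink">'
               b'<a xlink:href="https://example.invalid/"><rect width="10" height="10"/></a></svg>')
HANDLER_LOGO = b'<svg xmlns="http://www.w3.org/2000/svg" onload="x()"/>'


def _local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def svg_findings(svg_bytes):
    """Return the reasons an uploaded SVG should be rejected; [] means accept.

    Policy: a logo may only reference things inside itself, so every href
    (plain or xlink:) must be a fragment ('#id'); no scripting, linking or
    on* event-handler attributes are allowed. For untrusted input in
    production, parse with defusedxml to also block entity-expansion attacks.
    """
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    if _local(root.tag) != "svg":
        return ["root element is <%s>, not <svg>" % _local(root.tag)]
    findings = []
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in FORBIDDEN_ELEMENTS:
            findings.append("forbidden element <%s>" % tag)
        for attr, value in elem.attrib.items():
            name = _local(attr)
            if name.lower().startswith("on"):
                findings.append("event handler %s on <%s>" % (name, tag))
            elif name == "href" and not value.strip().startswith("#"):
                findings.append("external reference %r on <%s>" % (value, tag))
    return findings
```

Run the check on the raw bytes before the file is stored or served; a non-empty list is the reason to refuse the upload.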

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2023-53900

Affected Products: Debian, Spip