Spip » Spip : Security Vulnerabilities Published In 2016
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2016-9998 | 79 | | XSS | 2016-12-17 | 2017-07-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL. |
| 2 | CVE-2016-9997 | 79 | | XSS | 2016-12-17 | 2017-07-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. |
| 3 | CVE-2016-9152 | 79 | | XSS | 2016-12-05 | 2017-07-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter. |
| 4 | CVE-2016-3154 | 94 | | Exec Code | 2016-04-08 | 2016-04-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. |
| 5 | CVE-2016-3153 | 94 | | Exec Code | 2016-04-08 | 2016-04-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. |

Total number of vulnerabilities: 5