Bug | jessie | stretch | buster | bullseye | trixie | sid | Description |
---|---|---|---|---|---|---|---|
TEMP-0000000-ED76D0 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Sanitizing and other XSS protections |
TEMP-0000000-803658 | vulnerable | fixed | fixed | fixed | fixed | fixed | several security fixes: PHP injections, XSS and secrets stored in session file |
TEMP-0000000-4677DE | vulnerable | vulnerable | fixed | fixed | fixed | fixed | spip: XSS allowing privilege escalation |
TEMP-0000000-96AFF4 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | spip: Use a dedicated function to clean author data when preparing a session |
CVE-2024-53620 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | A cross-site scripting (XSS) vulnerability in the Article module of SP ... |
CVE-2024-53619 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An authenticated arbitrary file upload vulnerability in the Documents ... |
CVE-2024-8517 | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command inje ... |
CVE-2024-7954 | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4. ... |
CVE-2023-52322 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2 ... |
CVE-2023-27372 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | SPIP before 4.2.1 allows Remote Code Execution via form values in the ... |
CVE-2023-24258 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | SPIP v4.1.5 and earlier was discovered to contain a SQL injection vuln ... |
CVE-2022-37155 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to ... |
CVE-2022-28961 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Spip Web Framework v3.1.13 and below was discovered to contain multipl ... |
CVE-2022-28960 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | A PHP injection vulnerability in Spip before v3.2.8 allows attackers t ... |
CVE-2022-28959 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Multiple cross-site scripting (XSS) vulnerabilities in the component / ... |
CVE-2022-26847 | vulnerable | fixed | fixed | fixed | fixed | fixed | SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access ... |
CVE-2022-26846 | vulnerable | fixed | fixed | fixed | fixed | fixed | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated ed ... |
CVE-2021-44123 | vulnerable | fixed | fixed | fixed | fixed | fixed | SPIP 4.0.0 is affected by a remote command execution vulnerability. To ... |
CVE-2021-44122 | vulnerable | fixed | fixed | fixed | fixed | fixed | SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ... |
CVE-2021-44120 | vulnerable | fixed | fixed | fixed | fixed | fixed | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ... |
CVE-2021-44118 | vulnerable | fixed | fixed | fixed | fixed | fixed | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ... |
CVE-2020-28984 | vulnerable | fixed | fixed | fixed | fixed | fixed | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does ... |
Bug | Description |
---|---|
TEMP-0683667-E2E855 | base name disclosure |
TEMP-0672961-92221C | two XSS |
TEMP-0649113-869F0D | spip XSS |
TEMP-0649113-5F7BC7 | spip privilege escalation |
TEMP-0646758-12F1BD | spip path disclosure |
TEMP-0609212-CA8607 | multiple spip issues |
TEMP-0000000-42228B | spip DoS |
CVE-2024-23659 | SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of a ... |
CVE-2019-19830 | _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authent ... |
CVE-2019-16394 | SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messa ... |
CVE-2019-16393 | SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ec ... |
CVE-2019-16392 | SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login ... |
CVE-2019-16391 | SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors ... |
CVE-2019-11071 | SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visit ... |
CVE-2017-15736 | Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 ... |
CVE-2017-9736 | SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell ... |
CVE-2016-9998 | SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability ... |
CVE-2016-9997 | SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability ... |
CVE-2016-9152 | Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ... |
CVE-2016-7999 | ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote at ... |
CVE-2016-7998 | The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows r ... |
CVE-2016-7982 | Directory traversal vulnerability in ecrire/exec/valider_xml.php in SP ... |
CVE-2016-7981 | Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3. ... |
CVE-2016-7980 | Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider ... |
CVE-2016-3154 | The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2 ... |
CVE-2016-3153 | SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 al ... |
CVE-2013-7303 | Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes- ... |
CVE-2013-4557 | The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 ... |
CVE-2013-4556 | Cross-site scripting (XSS) vulnerability in the author page (prive/for ... |
CVE-2013-4555 | Cross-site request forgery (CSRF) vulnerability in ecrire/action/logou ... |
CVE-2013-2118 | SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 ... |
CVE-2012-4331 | Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x bef ... |
CVE-2012-2151 | Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x befo ... |
CVE-2009-3041 | SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper acc ... |
CVE-2008-5813 | SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1. ... |
CVE-2008-5812 | Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 be ... |
CVE-2007-4525 | PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7 ... |
CVE-2006-1702 | PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8 ... |
CVE-2006-1295 | Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8 ... |
CVE-2006-0626 | SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and ... |
CVE-2006-0625 | Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and e ... |
CVE-2006-0519 | SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows rem ... |
CVE-2006-0518 | Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ... |
CVE-2006-0517 | Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_f ... |
CVE-2005-4494 | Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier all ... |