Information on source package spip

Available versions

Release | Version
jessie | 3.0.17-2+deb8u5
stretch | 3.1.4-4~deb9u5
buster | 3.2.4-1+deb10u13
bullseye | 3.2.11-3+deb11u10
bullseye (security) | 3.2.11-3+deb11u7
trixie | 4.3.4+dfsg-1
sid | 4.3.4+dfsg-1

Open issues

Bug | jessie | stretch | buster | bullseye | trixie | sid | Description
TEMP-0000000-ED76D0 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Sanitizing and other XSS protections
TEMP-0000000-803658 | vulnerable | fixed | fixed | fixed | fixed | fixed | several security fixes: PHP injections, XSS and secrets stored in session file
TEMP-0000000-4677DE | vulnerable | vulnerable | fixed | fixed | fixed | fixed | spip: XSS allowing privilege escalation
TEMP-0000000-96AFF4 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | spip: Use a dedicated function to clean author data when preparing a session
CVE-2024-8517 | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command inje ...
CVE-2024-7954 | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4. ...
CVE-2023-52322 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2 ...
CVE-2023-27372 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | SPIP before 4.2.1 allows Remote Code Execution via form values in the ...
CVE-2023-24258 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | SPIP v4.1.5 and earlier was discovered to contain a SQL injection vuln ...
CVE-2022-37155 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to ...
CVE-2022-28961 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Spip Web Framework v3.1.13 and below was discovered to contain multipl ...
CVE-2022-28960 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | A PHP injection vulnerability in Spip before v3.2.8 allows attackers t ...
CVE-2022-28959 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Multiple cross-site scripting (XSS) vulnerabilities in the component / ...
CVE-2022-26847 | vulnerable | fixed | fixed | fixed | fixed | fixed | SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access ...
CVE-2022-26846 | vulnerable | fixed | fixed | fixed | fixed | fixed | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated ed ...
CVE-2021-44123 | vulnerable | fixed | fixed | fixed | fixed | fixed | SPIP 4.0.0 is affected by a remote command execution vulnerability. To ...
CVE-2021-44122 | vulnerable | fixed | fixed | fixed | fixed | fixed | SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ...
CVE-2021-44120 | vulnerable | fixed | fixed | fixed | fixed | fixed | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...
CVE-2021-44118 | vulnerable | fixed | fixed | fixed | fixed | fixed | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ...
CVE-2020-28984 | vulnerable | fixed | fixed | fixed | fixed | fixed | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does ...

Resolved issues

Bug | Description
TEMP-0683667-E2E855 | base name disclosure
TEMP-0672961-92221C | two XSS
TEMP-0649113-869F0D | spip XSS
TEMP-0649113-5F7BC7 | spip privilege escalation
TEMP-0646758-12F1BD | spip path disclosure
TEMP-0609212-CA8607 | multiple spip issues
TEMP-0000000-42228B | spip DoS
CVE-2024-23659 | SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of a ...
CVE-2019-19830 | _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authent ...
CVE-2019-16394 | SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messa ...
CVE-2019-16393 | SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ec ...
CVE-2019-16392 | SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login ...
CVE-2019-16391 | SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors ...
CVE-2019-11071 | SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visit ...
CVE-2017-15736 | Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 ...
CVE-2017-9736 | SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell ...
CVE-2016-9998 | SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability ...
CVE-2016-9997 | SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability ...
CVE-2016-9152 | Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ...
CVE-2016-7999 | ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote at ...
CVE-2016-7998 | The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows r ...
CVE-2016-7982 | Directory traversal vulnerability in ecrire/exec/valider_xml.php in SP ...
CVE-2016-7981 | Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3. ...
CVE-2016-7980 | Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider ...
CVE-2016-3154 | The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2 ...
CVE-2016-3153 | SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 al ...
CVE-2013-7303 | Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes- ...
CVE-2013-4557 | The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 ...
CVE-2013-4556 | Cross-site scripting (XSS) vulnerability in the author page (prive/for ...
CVE-2013-4555 | Cross-site request forgery (CSRF) vulnerability in ecrire/action/logou ...
CVE-2013-2118 | SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 ...
CVE-2012-4331 | Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x bef ...
CVE-2012-2151 | Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x befo ...
CVE-2009-3041 | SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper acc ...
CVE-2008-5813 | SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1. ...
CVE-2008-5812 | Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 be ...
CVE-2007-4525 | PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7 ...
CVE-2006-1702 | PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8 ...
CVE-2006-1295 | Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8 ...
CVE-2006-0626 | SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and ...
CVE-2006-0625 | Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and e ...
CVE-2006-0519 | SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows rem ...
CVE-2006-0518 | Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ...
CVE-2006-0517 | Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_f ...
CVE-2005-4494 | Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier all ...

Security announcements

DSA / DLA | Description
DLA-3761-1 | spip - security update
DLA-3691-1 | spip - security update
DLA-3347-2 | spip - regression update
DSA-5367-1 | spip - security update
DLA-3347-1 | spip - security update
DSA-5325-1 | spip - security update
DSA-5190-1 | spip - security update
DSA-5152-1 | spip - security update
DLA-2949-1 | spip - security update
DSA-5093-1 | spip - security update
DLA-2867-1 | spip - security update
DSA-5028-1 | spip - security update
DLA-2579-1 | spip - security update
DSA-4853-1 | spip - security update
DLA-2505-1 | spip - security update
DSA-4798-1 | spip - security update
DSA-4583-1 | spip - security update
DLA-1975-1 | spip - security update
DSA-4532-1 | spip - security update
DSA-4429-1 | spip - security update
DSA-4228-1 | spip - security update
DSA-3890-1 | spip - security update
DLA-760-1 | spip - security update
DLA-738-1 | spip - security update
DLA-695-1 | spip - security update
DSA-3518-1 | spip - security update
DSA-2794-1 | spip - several
DSA-2694-1 | spip - privilege escalation
DSA-2461-1 | spip - several
DSA-2349-1 | spip - several
DSA-2229-1 | spip - programming error
