CVE-2016-9997

Опубликовано: 17 дек. 2016

Источник: debian

Описание

SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
spip	fixed	3.1.4-2		package
spip	fixed	3.0.17-2+deb8u3	jessie	package

Примечания

https://core.spip.net/projects/spip/repository/revisions/23288

Связанные уязвимости

CVE-2016-9997

CVSS3: 6.1

ubuntu

около 9 лет назад

SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.

CVE-2016-9997

CVSS3: 6.1

nvd

около 9 лет назад

SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.

GHSA-2jqw-7pmw-3pxf

CVSS3: 6.1

github

больше 3 лет назад

SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.