CVE-2016-9998

Опубликовано: 17 дек. 2016

Источник: debian

Описание

SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
spip	fixed	3.1.4-2		package
spip	fixed	3.0.17-2+deb8u3	jessie	package

Примечания

https://core.spip.net/projects/spip/repository/revisions/23288

Связанные уязвимости

CVE-2016-9998

CVSS3: 6.1

ubuntu

около 9 лет назад

SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.

CVE-2016-9998

CVSS3: 6.1

nvd

около 9 лет назад

SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.

GHSA-qf7v-9pxv-qv56

CVSS3: 6.1

github

больше 3 лет назад

SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.