Cross-Site Scripting Vulnerability in SPIP by SPIP
CVE-2019-16392

6.1MEDIUM

Key Information:

Vendor

Spip

Status
Spip
Vendor
CVE Published:
17 September 2019

What is CVE-2019-16392?

SPIP versions prior to 3.1.11 and versions 3.2 before 3.2.5 are vulnerable to a Cross-Site Scripting (XSS) flaw. This vulnerability arises from inadequate error message handling in the prive/formulaires/login.php script, which could allow an attacker to inject malicious scripts into web pages viewed by other users. Proper validation and sanitization measures are necessary to mitigate this risk effectively.

References

https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-So...
x_refsource_MISC
https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e...
x_refsource_MISC
https://seclists.org/bugtraq/2019/Sep/40
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.