Cross Site Scripting Vulnerability in SPIP by SPIP
CVE-2021-44118

5.4MEDIUM

Key Information:

Vendor
Spip
Status
Spip
Vendor
CVE Published:
26 January 2022

Summary

SPIP 4.0.0 has a vulnerability that allows an authenticated attacker to exploit Cross Site Scripting (XSS) through malicious SVG files. When a user visits a page containing this SVG, the attacker can inject harmful client-side scripts that execute on the browsers of other users. This stored XSS threat emphasizes the importance of proper input validation and sanitation to safeguard users from potential exploits.

References

https://git.spip.net/spip/spip/commit/1cf91def15966406ddd...
x_refsource_MISC
https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e...
x_refsource_MISC
https://git.spip.net/spip/medias/commit/13c293fabd35e2c15...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.