Cross-Site Scripting Vulnerability in SPIP Versions Prior to 4.1.13 and 4.2.7
CVE-2023-52322

6.1MEDIUM

Key Information:

Vendor

Spip

Status
Spip
Vendor
CVE Published:
4 January 2024

What is CVE-2023-52322?

The vulnerability in SPIP occurs in the ecrire/public/assembler.php script, allowing Cross-Site Scripting (XSS) due to inadequate input filtering. Specifically, the function _request() does not restrict input to safe characters, such as alphanumerics. This permits potential attackers to inject malvolent scripts, posing significant security risks. Users are urged to upgrade to SPIP version 4.1.13 or 4.2.7 to mitigate these vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://git.spip.net/spip/spip/commit/e90f5344b8c82711053...
https://blog.spip.net/Mise-a-jour-de-maintenance-et-secur...
https://lists.debian.org/debian-lts-announce/2024/03/msg0...
mailing-list

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.