Cross-Site Scripting Vulnerability in SPIP by SPIP Team
CVE-2024-23659
6.1 MEDIUM
What is CVE-2024-23659?
SPIP versions prior to 4.1.14 and 4.2.8 contain a cross-site scripting (XSS) flaw that an attacker can exploit through the name of an uploaded file. Malicious scripts can be injected via user-uploaded file names, potentially leading to unauthorized access or data manipulation. The affected components include javascript/bigup.js and javascript/bigup.utils.js, so affected installations need prompt updates and a review of security practices.
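The class of bug described above, as an added example that is not SPIP's code and does not reproduce bigup.js: a file name concatenated into markup unencoded, next to the same markup with the name encoded on output. The function names and sample file names are hypothetical and constructed for illustration.

```javascript
// Added illustration: not SPIP's bigup.js. All names here are hypothetical.

// Escape the five characters that matter in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the file name is concatenated into markup as-is, so any markup
// characters in the name become part of the page structure.
function renderFileEntryUnsafe(fileName) {
  return '<li class="file" title="' + fileName + '">' + fileName + "</li>";
}

// "After": the same markup with the name encoded for both the attribute
// and the text context.
function renderFileEntrySafe(fileName) {
  const safe = escapeHtml(fileName);
  return '<li class="file" title="' + safe + '">' + safe + "</li>";
}

// Rough check: count element start tags in a fragment. A correctly encoded
// entry contains exactly one (the <li> itself).
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample names; the second carries harmless markup and quotes
// to show how an unencoded name changes the resulting structure.
const samples = ["report-2024.pdf", 'notes "v2" <b>final</b>.txt'];

for (const name of samples) {
  console.log(
    JSON.stringify(name),
    "unsafe tags:", countStartTags(renderFileEntryUnsafe(name)),
    "safe tags:", countStartTags(renderFileEntrySafe(name))
  );
}
```

In browser code, assigning the name with `textContent` or `setAttribute` avoids building markup from the file name at all.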