Cross-Site Scripting Vulnerability in SPIP by SPIP Team
CVE-2024-23659
6.1 MEDIUM
Summary
An XSS flaw in SPIP versions prior to 4.1.14 and 4.2.8 allows an attacker to inject malicious scripts through the names of uploaded files. Because the script is carried in a user-uploaded file name, users who encounter that name are affected, potentially leading to unauthorized access or data manipulation. The affected components are javascript/bigup.js and javascript/bigup.utils.js; update promptly and review security practices.
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved