Spip

Spip

79 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.36%
  • Veröffentlicht 30.01.2014 21:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML v...

Exploit
  • EPSS 25.29%
  • Veröffentlicht 18.11.2013 02:55:08
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter.

  • EPSS 2.11%
  • Veröffentlicht 18.11.2013 02:55:08
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.

Exploit
  • EPSS 1.23%
  • Veröffentlicht 18.11.2013 02:55:08
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors.

  • EPSS 8.98%
  • Veröffentlicht 09.07.2013 17:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.

  • EPSS 1.41%
  • Veröffentlicht 14.08.2012 22:55:02
  • Zuletzt bearbeitet 16.06.2026 23:44:50

Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.

  • EPSS 2.38%
  • Veröffentlicht 14.08.2012 22:55:01
  • Zuletzt bearbeitet 16.06.2026 23:41:05

Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploit
  • EPSS 6.59%
  • Veröffentlicht 01.09.2009 18:30:04
  • Zuletzt bearbeitet 16.06.2026 23:10:46

SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as explo...

  • EPSS 1.29%
  • Veröffentlicht 02.01.2009 18:11:09
  • Zuletzt bearbeitet 16.06.2026 23:01:02

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third pa...

  • EPSS 1.53%
  • Veröffentlicht 02.01.2009 18:11:09
  • Zuletzt bearbeitet 16.06.2026 23:01:02

Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.