Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0518Cross-site Scripting in Spip

5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
10.4%
top 6.75%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SpipDebian Spip
Timeline
PublishedFeb 2
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/spip< spip 2.0.6-1 (bullseye)
Debianspip/spip< 2.0.6-1+2
NVDspip/spip1.8.2e+1

🔴Vulnerability Details

2
GHSA
GHSA-4hxq-fhr5-rx6m: Cross-site scripting (XSS) vulnerability in index2022-05-01
OSV
CVE-2006-0518: Cross-site scripting (XSS) vulnerability in index2006-02-02

💥Exploits & PoCs

1
Exploit-DB
SPIP 1.8/1.9 - 'index.php3' Cross-Site Scripting2006-02-01

📋Vendor Advisories

1
Debian
CVE-2006-0518: spip - Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earli...2006
CVE-2006-0518 — Cross-site Scripting in Debian Spip | cvebase