CVE-2006-1295 — Cross-site Scripting in Spip

5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 37.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Spip Debian Spip

Timeline

PublishedMar 19

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/spip< spip 2.0.6-1 (bullseye)

▶Debianspip/spip< 2.0.6-1+2

▶NVDspip/spip1.8.2e, 1.8.2g+1

Patches

Patch: zone.spip.org ↗Patch: zone.spip.org ↗

🔴Vulnerability Details

GHSA

GHSA-xh8p-p48j-92w6: Cross-site scripting (XSS) vulnerability in recherche↗2022-05-01

▶

OSV

CVE-2006-1295: Cross-site scripting (XSS) vulnerability in recherche↗2006-03-19

▶

💥Exploits & PoCs

Exploit-DB

eStara SoftPhone 3.0.1 - SIP SDP Message Handling Format String Denial of Service↗2006-02-14

▶

📋Vendor Advisories

Debian

CVE-2006-1295: spip - Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allow...↗2006

▶