CVE-2013-7303 — Cross-site Scripting in Spip

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 37.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Spip Debian Spip

Timeline

PublishedJan 30

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/spip< spip 3.0.13-1 (bullseye)

▶Debianspip/spip< 3.0.13-1+2

▶NVDspip/spip2.1.24+51

🔴Vulnerability Details

GHSA

GHSA-93ww-cxcr-rvw4: Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription↗2022-05-17

▶

OSV

CVE-2013-7303: Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription↗2014-01-30

▶

📋Vendor Advisories

Debian

CVE-2013-7303: spip - Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formu...↗2013

▶