CVE-2019-16392Cross-site Scripting in Spip

CWE-79Cross-site Scripting6 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.6%
top 29.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
SpipDebian SpipCanonical Ubuntu Linux+1 more
Timeline
PublishedSep 17
Latest updateMay 24

Description

SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

NVDspip/spip3.2.03.2.5+1
debiandebian/spip< spip 3.2.5-1 (bullseye)
Debianspip/spip< 3.2.5-1+2
Ubuntuspip/spip< 3.1.4-4~deb9u3build0.18.04.1

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 18.04

Patches

Patch: blog.spip.netPatch: git.spip.netPatch: blog.spip.net

🔴Vulnerability Details

3
GHSA
GHSA-6j3r-8pmv-5j3p: SPIP before 32022-05-24
OSV
spip vulnerabilities2020-09-24
OSV
CVE-2019-16392: SPIP before 32019-09-17

📋Vendor Advisories

2
Ubuntu
SPIP vulnerabilities2020-09-24
Debian
CVE-2019-16392: spip - SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS v...2019
CVE-2019-16392 — Cross-site Scripting in Spip | cvebase