CVE-2023-53900 — Cross-site Scripting in Spip

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

0.0N/ANVD

EPSS

0.1%

top 82.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Spip Debian Spip

Timeline

PublishedDec 16

Description

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Packages2 packages

▶NVDspip/spip4.1.10

▶debiandebian/spip

🔴Vulnerability Details

GHSA

GHSA-3w5m-3c69-745h: Spip 4↗2025-12-16

▶

OSV

CVE-2023-53900: Spip 4↗2025-12-16

▶

📋Vendor Advisories

Debian

CVE-2023-53900: spip - Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-53900 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶