📦 Spip
by Spip
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2024-8517 is a critical remote code execution vulnerability in SPIP content management systems. Unauthenticated attackers can execute arbitrary operating system commands by uploading specially cra...
CVE-2020-28984 is a critical vulnerability in SPIP CMS that allows unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability exists in the preferences configuration fo...
SPIP versions before 4.4.9 contain an insecure deserialization vulnerability in the public area through the table_valeur filter and DATA iterator. Attackers who can inject malicious serialized data (r...
This vulnerability allows remote authenticated editors in SPIP content management systems to execute arbitrary code on the server. It affects SPIP installations where users have editor-level permissio...
SPIP 4.0.0 has a CSRF vulnerability in multiple PHP files that allows authenticated attackers to execute malicious actions without user consent. Attackers can exploit this by tricking users into visit...
This vulnerability allows authenticated attackers in SPIP's private area to perform blind Server-Side Request Forgery (SSRF) when editing syndicated sites. The application fails to validate syndicatio...
This vulnerability allows cross-site scripting (XSS) attacks in SPIP's private area due to incomplete input sanitization. Attackers can inject malicious scripts through HTML tags that weren't properly...
This CVE describes a cross-site scripting (XSS) vulnerability in SPIP CMS versions before 4.4.8. The echapper_html_suspect() function fails to properly sanitize certain edge-case inputs, allowing atta...
This CVE describes a cross-site scripting (XSS) vulnerability in SPIP's private area where error messages from the 'transmettre' API are not properly sanitized. Attackers can inject malicious scripts ...
This cross-site scripting (XSS) vulnerability in SPIP v4.3.3 allows authenticated users to inject malicious scripts into article titles, which execute when other users view affected articles. The vuln...