Lucene search

[email protected]CVE-2013-7303

HistoryJan 30, 2014 - 9:55 p.m.

CVE-2013-7303

2014-01-3021:55:04

CWE-79

[email protected]

web.nvd.nist.gov

spip

xss

vulnerabilities

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.

Affected configurations

NVD

Node

spipspipRange≤2.1.24

spipspipMatch2.0.1

spipspipMatch2.0.2

spipspipMatch2.0.3

spipspipMatch2.0.4

spipspipMatch2.0.5

spipspipMatch2.0.6

spipspipMatch2.0.7

spipspipMatch2.0.8

spipspipMatch2.0.9

spipspipMatch2.0.10

spipspipMatch2.0.11

spipspipMatch2.0.12

spipspipMatch2.0.13

spipspipMatch2.0.14

spipspipMatch2.0.15

spipspipMatch2.0.16

spipspipMatch2.0.17

spipspipMatch2.0.18

spipspipMatch2.0.19

spipspipMatch2.0.20

spipspipMatch2.0.21

spipspipMatch2.0.22

spipspipMatch2.1

spipspipMatch2.1.1

spipspipMatch2.1.2

spipspipMatch2.1.10

spipspipMatch2.1.11

spipspipMatch2.1.12

spipspipMatch2.1.13

spipspipMatch2.1.14

spipspipMatch2.1.15

spipspipMatch2.1.16

spipspipMatch2.1.17

spipspipMatch2.1.18

spipspipMatch2.1.19

spipspipMatch2.1.20

spipspipMatch2.1.21

spipspipMatch2.1.22

spipspipMatch2.1.23

spipspipMatch3.0.0

spipspipMatch3.0.1

spipspipMatch3.0.2

spipspipMatch3.0.3

spipspipMatch3.0.4

spipspipMatch3.0.5

spipspipMatch3.0.6

spipspipMatch3.0.7

spipspipMatch3.0.8

spipspipMatch3.0.9

spipspipMatch3.0.10

spipspipMatch3.0.11

CPENameOperatorVersion
spip:spipspiple2.1.24
spip:spipspipeq2.0.1
spip:spipspipeq2.0.2
spip:spipspipeq2.0.3
spip:spipspipeq2.0.4
spip:spipspipeq2.0.5
spip:spipspipeq2.0.6
spip:spipspipeq2.0.7
spip:spipspipeq2.0.8
spip:spipspipeq2.0.9

CPE	Name	Operator	Version
spip:spip	spip	le	2.1.24
spip:spip	spip	eq	2.0.1
spip:spip	spip	eq	2.0.2
spip:spip	spip	eq	2.0.3
spip:spip	spip	eq	2.0.4
spip:spip	spip	eq	2.0.5
spip:spip	spip	eq	2.0.6
spip:spip	spip	eq	2.0.7
spip:spip	spip	eq	2.0.8
spip:spip	spip	eq	2.0.9

Rows per page:

1-10 of 521

References

core.spip.org/projects/spip/repository/revisions/20902

seclists.org/oss-sec/2014/q1/123

seclists.org/oss-sec/2014/q1/128

secunia.com/advisories/56381

www.securitytracker.com/id/1029703

www.spip.net/fr_article5648.html

www.spip.net/fr_article5665.html

zone.spip.org/trac/spip-zone/changeset/77768

exchange.xforce.ibmcloud.com/vulnerabilities/90643

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.9%

JSON

Related for CVE-2013-7303

ubuntucve1 nvd1 debiancve1 cvelist1 prion1