Source: Ubuntu.com (ubuntucve), ID UB:CVE-2023-52322
Published: Jan 04, 2024 - 12:00 a.m.

CVE-2023-52322

Tags: spip, xss, vulnerability, input restriction, alphanumerics, bug, unix

CVSS3 base score: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 20.6%

ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7
allows XSS because input from _request() is not restricted to safe
characters such as alphanumerics.
