EPSS
Percentile
25.8%
spip is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the malicious SVG file.
git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba
git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a
git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357
security-tracker.debian.org/tracker/CVE-2021-44118