CPE-730587F8-292F-41FF-A230-8F97D38640A6 Detail

CPE Details

SPIP 2.1.27

Vendor

spip

Product

spip

Version

2.1.27

Created

2023-03-06
22h12 +00:00

Modified

2023-03-06
22h18 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:spip:spip:2.1.27:::::::*

Informations

Vendor

spip

Product

spip

Version

2.1.27

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-23659	2024-01-18 23h00 +00:00	SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.	6.1	Medium
CVE-2023-52322	2024-01-03 23h00 +00:00	ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.	6.1	Medium
CVE-2023-27372	2023-02-27 23h00 +00:00	SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.	9.8	Critical
CVE-2023-24258	2023-02-26 23h00 +00:00	SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.	9.8	Critical
CVE-2022-28961	2022-05-19 18h26 +00:00	Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.	8.8	High
CVE-2022-28960	2022-05-19 18h26 +00:00	A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.	8.8	High
CVE-2022-28959	2022-05-19 18h26 +00:00	Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.	6.1	Medium
CVE-2022-26846	2022-03-10 03h58 +00:00	SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.	8.8	High
CVE-2022-26847	2022-03-10 03h58 +00:00	SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.	5.3	Medium
CVE-2020-28984	2020-11-23 20h48 +00:00	prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.	9.8	Critical
CVE-2019-16391	2019-09-17 18h49 +00:00	SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.	6.5	Medium
CVE-2019-16392	2019-09-17 18h48 +00:00	SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.	6.1	Medium
CVE-2019-16393	2019-09-17 18h48 +00:00	SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.	6.1	Medium
CVE-2019-16394	2019-09-17 18h47 +00:00	SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.	5.3	Medium
CVE-2017-15736	2017-10-21 20h00 +00:00	Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.	6.1	Medium
CVE-2016-7980	2017-01-18 16h00 +00:00	Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.	8.8	High
CVE-2016-7981	2017-01-18 16h00 +00:00	Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.	6.1	Medium
CVE-2016-7982	2017-01-18 16h00 +00:00	Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.	7.5	High
CVE-2016-7998	2017-01-18 16h00 +00:00	The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.	8.8	High
CVE-2016-7999	2017-01-18 16h00 +00:00	ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.	7.4	High

SPIP 2.1.27

CPE Details

CPE Name: cpe:2.3:a:spip:spip:2.1.27:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:spip:spip:2.1.27:::::::*