CVE-2013-7303
Published: 30 January 2014
Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.
Notes
Author | Note |
---|---|
seth-arnold | Might be 'low' or 'negligible' if the author is the one to inject the XSS and if the author is generally allowed arbitrary HTML input somewhere else. |
Priority
Status
Package | Release | Status |
---|---|---|
spip Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was not-affected [3.0.13-1])
|
|
upstream |
Released
(3.0.13-1)
|
|
utopic |
Not vulnerable
(3.0.13-1)
|
|
vivid |
Not vulnerable
(3.0.13-1)
|
|
wily |
Not vulnerable
(3.0.13-1)
|
|
xenial |
Not vulnerable
(3.0.13-1)
|
|
yakkety |
Not vulnerable
(3.0.13-1)
|
|
zesty |
Not vulnerable
(3.0.13-1)
|