CVE-2013-7303
Published: 30 January 2014
Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.
Notes
| Author | Note |
|---|---|
| seth-arnold | Might be 'low' or 'negligible' if the author is the one to inject the XSS and if the author is generally allowed arbitrary HTML input somewhere else. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
spip Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was not-affected [3.0.13-1])
|
|
| upstream |
Released
(3.0.13-1)
|
|
| utopic |
Not vulnerable
(3.0.13-1)
|
|
| vivid |
Not vulnerable
(3.0.13-1)
|
|
| wily |
Not vulnerable
(3.0.13-1)
|
|
| xenial |
Not vulnerable
(3.0.13-1)
|
|
| yakkety |
Not vulnerable
(3.0.13-1)
|
|
| zesty |
Not vulnerable
(3.0.13-1)
|