Your submission was sent successfully! Close

CVE-2020-28984

Published: 23 November 2020

prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
spip
Launchpad, Ubuntu, Debian
bionic
Released (3.1.4-4~deb9u5build0.18.04.1)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Not vulnerable
(3.2.8-1)
impish Not vulnerable
(3.2.8-1)
jammy Not vulnerable
(3.2.8-1)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)