CVE-2021-44118

Published: 26 January 2022

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).

Priority

CVSS 3 base score: 5.4

Status

Package	Release	Status
spip Launchpad, Ubuntu, Debian	bionic	Needed
	focal	Needed
	impish	Released (3.2.11-3+deb11u3build0.21.10.1)
	jammy	Needs triage
	kinetic	Needs triage
	trusty	Ignored (out of standard support)
	upstream	Needs triage
	xenial	Ignored (out of standard support)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44118
https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba
https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357
https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a
https://ubuntu.com/security/notices/USN-5482-1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Security

CVE-2021-44118

Medium

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading