Your submission was sent successfully! Close

CVE-2021-44118

Published: 26 January 2022

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).

Priority

Medium

CVSS 3 base score: 5.4

Status

Package Release Status
spip
Launchpad, Ubuntu, Debian
bionic Needed

focal Needed

impish
Released (3.2.11-3+deb11u3build0.21.10.1)
jammy Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)