CVE-2013-7303

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.

How to fix CVE-2013-7303

To remediate CVE-2013-7303, upgrade the affected package to a fixed version below.

• Debian/spip—upgrade to 3.0.13-1 or later

Is CVE-2013-7303 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 3.0.13-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-7303