CVE-2021-44118
spip - security update
CVSS 3.1 score: 5.4 (MEDIUM)
EPSS: 0.28%
Description
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).
How to fix CVE-2021-44118
To remediate CVE-2021-44118, upgrade the affected package to a fixed version below.
- upgrade to 3.2.11-3+deb11u1 or later
- upgrade to 3.1.4-4~deb9u4+deb9u2 or later
- upgrade to 3.2.4-1+deb10u5 or later
Is CVE-2021-44118 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- spip, versions from 0 and below 3.2.11-3+deb11u1
- spip, versions from 0 and below 3.1.4-4~deb9u4+deb9u2
- spip, versions from 0 and below 3.2.4-1+deb10u5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (5.4) | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |