CVE-2013-7303

描述

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.

受影響套件(1)

• Debian/spipfrom 0, < 3.0.13-1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-7303