CVE-2021-44118
MEDIUM 5.4
EPSS 0.28%
spip - security update
Published: 2022/1/26, Modified: 2026/5/29
Description
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).
Affected packages (3)
- Debian/spip from 0, < 3.2.11-3+deb11u1
- Debian/spip from 0, < 3.1.4-4~deb9u4+deb9u2
- Debian/spip from 0, < 3.2.4-1+deb10u5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |