Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-44118

Good to know:

icon

Date: January 26, 2022

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).

Language: Java

Severity Score

Related Resources (7)

https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a
https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357
https://people.canonical.com/~ubuntu-security/cve/CVE-2021-44118
https://nvd.nist.gov/vuln/detail/CVE-2021-44118
https://security-tracker.debian.org/tracker/CVE-2021-44118
https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba
https://www.mend.io/vulnerability-database/CVE-2021-44118

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

icon

Upgrade Version

Upgrade to version spip/ecrire - 3.0.29;spip/ecrire - 3.1.10;spip/ecrire - 3.2.4;bdegoy/oauthsd - no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): SINGLE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us