Tuesday, February 1, 2022

Debian: CVE-2021-44120: spip -- security update

Description
SPIP 4.0.0 is affected by a stored Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php; the fix adds the safehtml function to the vulnerable fields. An editor is able to modify their personal information. If the editor has an article written and available, the malicious code is executed when a user visits the public site and views the author's information. The "Who are you" and "Website Name" fields are vulnerable.
Solution(s)
  • debian-upgrade-spip

References
  • https://attackerkb.com/topics/cve-2021-44120
  • CVE - 2021-44120
  • DLA-2867-1
  • DSA-5028-1