Vulnerability Description
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spip | Spip | 4.0.0 |
Related Weaknesses (CWE)
References
- https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba (Patch, Third Party Advisory)
- https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a (Patch, Third Party Advisory)
- https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357 (Patch, Third Party Advisory)
FAQ
What is CVE-2021-44118?
CVE-2021-44118 is a vulnerability with a CVSS score of 5.4 (MEDIUM). SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to...
How severe is CVE-2021-44118?
CVE-2021-44118 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-44118?
Check the references section above for vendor advisories and patch information. Affected products include: Spip Spip.