What is the severity of CVE-2013-7303?

CVE-2013-7303 has a medium severity rating due to its potential to allow remote attackers to inject malicious scripts.

How do I fix CVE-2013-7303?

To fix CVE-2013-7303, upgrade to SPIP version 2.1.25 or 3.0.13 or later.

What specific files are affected in CVE-2013-7303?

The affected files in CVE-2013-7303 are squelettes-dist/formulaires/inscription.php and prive/forms/editer_auteur.php.

Can CVE-2013-7303 be exploited remotely?

Yes, CVE-2013-7303 can be exploited remotely by injecting arbitrary web scripts via the author name field.

Which versions of SPIP are impacted by CVE-2013-7303?

SPIP versions prior to 2.1.25 and 3.0.x before 3.0.13 are impacted by CVE-2013-7303.

Vulnerability/
CVE-2013-7303

medium

4.3

CWE

30/1/2014

29/8/2017

CVE-2013-7303: XSS

First published: Thu Jan 30 2014(Updated: )

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.

Credit: security@debian.org

Affected Software	Affected Version	How to fix
Spip	<=2.1.24
Spip	=2.0.1
Spip	=2.0.2
Spip	=2.0.3
Spip	=2.0.4
Spip	=2.0.5
Spip	=2.0.6
Spip	=2.0.7
Spip	=2.0.8
Spip	=2.0.9
Spip	=2.0.10
Spip	=2.0.11
Spip	=2.0.12
Spip	=2.0.13
Spip	=2.0.14
Spip	=2.0.15
Spip	=2.0.16
Spip	=2.0.17
Spip	=2.0.18
Spip	=2.0.19
Spip	=2.0.20
Spip	=2.0.21
Spip	=2.0.22
Spip	=2.1
Spip	=2.1.1
Spip	=2.1.2
Spip	=2.1.10
Spip	=2.1.11
Spip	=2.1.12
Spip	=2.1.13
Spip	=2.1.14
Spip	=2.1.15
Spip	=2.1.16
Spip	=2.1.17
Spip	=2.1.18
Spip	=2.1.19
Spip	=2.1.20
Spip	=2.1.21
Spip	=2.1.22
Spip	=2.1.23
Spip	=3.0.0
Spip	=3.0.1
Spip	=3.0.2
Spip	=3.0.3
Spip	=3.0.4
Spip	=3.0.5
Spip	=3.0.6
Spip	=3.0.7
Spip	=3.0.8
Spip	=3.0.9
Spip	=3.0.10
Spip	=3.0.11

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-7303?
CVE-2013-7303 has a medium severity rating due to its potential to allow remote attackers to inject malicious scripts.
How do I fix CVE-2013-7303?
To fix CVE-2013-7303, upgrade to SPIP version 2.1.25 or 3.0.13 or later.
What specific files are affected in CVE-2013-7303?
The affected files in CVE-2013-7303 are squelettes-dist/formulaires/inscription.php and prive/forms/editer_auteur.php.
Can CVE-2013-7303 be exploited remotely?
Yes, CVE-2013-7303 can be exploited remotely by injecting arbitrary web scripts via the author name field.
Which versions of SPIP are impacted by CVE-2013-7303?
SPIP versions prior to 2.1.25 and 3.0.x before 3.0.13 are impacted by CVE-2013-7303.

agent/type
agent/first-publish-date
agent/last-modified-date
agent/weakness
agent/references
agent/severity
agent/author
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/spip
canonical/spip
version/spip/2.1.24
version/spip/2.0.1
version/spip/2.0.2
version/spip/2.0.3
version/spip/2.0.4
version/spip/2.0.5
version/spip/2.0.6
version/spip/2.0.7
version/spip/2.0.8
version/spip/2.0.9
version/spip/2.0.10
version/spip/2.0.11
version/spip/2.0.12
version/spip/2.0.13
version/spip/2.0.14
version/spip/2.0.15
version/spip/2.0.16
version/spip/2.0.17
version/spip/2.0.18
version/spip/2.0.19
version/spip/2.0.20
version/spip/2.0.21
version/spip/2.0.22
version/spip/2.1
version/spip/2.1.1
version/spip/2.1.2
version/spip/2.1.10
version/spip/2.1.11
version/spip/2.1.12
version/spip/2.1.13
version/spip/2.1.14
version/spip/2.1.15
version/spip/2.1.16
version/spip/2.1.17
version/spip/2.1.18
version/spip/2.1.19
version/spip/2.1.20
version/spip/2.1.21
version/spip/2.1.22
version/spip/2.1.23
version/spip/3.0.0
version/spip/3.0.1
version/spip/3.0.2
version/spip/3.0.3
version/spip/3.0.4
version/spip/3.0.5
version/spip/3.0.6
version/spip/3.0.7
version/spip/3.0.8
version/spip/3.0.9
version/spip/3.0.10
version/spip/3.0.11