First published: Sat Oct 21 2017
Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Spip Spip | <=3.1.6 | |
debian/spip | 3.2.11-3+deb11u10, 3.2.11-3+deb11u7, 4.3.2+dfsg-1, 4.3.3+dfsg-1 | |
CVE-2017-15736 is a cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 that allows remote attackers to inject arbitrary web script or HTML via a crafted string.
CVE-2017-15736 affects SPIP versions before 3.1.7.
CVE-2017-15736 has a severity rating of 6.1 (high).
To fix CVE-2017-15736, you should update SPIP to version 3.1.7 or later.
You can find more information about CVE-2017-15736 at the following references:
- [https://core.spip.net/projects/spip/repository/revisions/23701](https://core.spip.net/projects/spip/repository/revisions/23701)
- [https://www.debian.org/security/2018/dsa-4228](https://www.debian.org/security/2018/dsa-4228)
- [https://usn.ubuntu.com/4536-1/](https://usn.ubuntu.com/4536-1/)