First published: Wed Jan 26 2022
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Spip Spip | =4.0.0 | |
CVE-2021-44118 refers to a Cross Site Scripting (XSS) vulnerability in SPIP 4.0.0.
CVE-2021-44118 allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).
CVE-2021-44118 has a severity rating of 5.4, which is considered medium.
An attacker can exploit CVE-2021-44118 by tricking a visitor into browsing to a malicious SVG file.
Yes, there are fixes available. You can refer to the provided references for more information.