CVE-2021-44120: XSS
First published: Wed Jan 26 2022(Updated: )
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The "Who are you" and "Website Name" fields are vulnerable.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SPIP SPIP | =4.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-44120?
The severity of CVE-2021-44120 is medium with a severity value of 5.4.
How is SPIP 4.0.0 affected by CVE-2021-44120?
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php.
How can an editor modify their personal information in SPIP 4.0.0?
An editor in SPIP 4.0.0 can modify their personal information if they have an article written and available.
What can happen when a user goes to the public site in SPIP 4.0.0?
When a user goes to the public site in SPIP 4.0.0, a Cross Site Scripting (XSS) vulnerability may be exploited.
Is there a fix available for CVE-2021-44120?
Yes, a fix for CVE-2021-44120 is available through the commit d548391d799387d1e93cf1a369d385c72f7d5c81.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/spip
- canonical/spip spip
- version/spip spip/4.0.0