CVE-2022-28959: XSS
First published: Thu May 19 2022(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Spip | <=3.1.13 | |
| debian/spip | 3.2.11-3+deb11u10 3.2.11-3+deb11u7 4.3.6+dfsg-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/
- https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html
- https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/
- https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
- https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28959
- https://nvd.nist.gov/vuln/detail/CVE-2022-28959
- https://launchpad.net/bugs/cve/CVE-2022-28959
- https://security-tracker.debian.org/tracker/CVE-2022-28959
- https://ubuntu.com/security/CVE-2022-28959
Frequently Asked Questions
What is the vulnerability ID for the Spip Web Framework XSS vulnerabilities?
The vulnerability ID for the Spip Web Framework XSS vulnerabilities is CVE-2022-28959.
What is the severity of CVE-2022-28959?
The severity of CVE-2022-28959 is medium.
How can these XSS vulnerabilities be exploited?
These XSS vulnerabilities can be exploited by attackers to execute arbitrary web scripts or HTML.
Which version of the Spip Web Framework is affected by CVE-2022-28959?
The version of the Spip Web Framework affected by CVE-2022-28959 is v3.1.13 and below.
Are there any fixes or patches available for CVE-2022-28959?
Yes, fixes or patches are available for CVE-2022-28959. It is recommended to update to Spip Web Framework version 3.2.8 or 3.1.13.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- agent/source
- agent/references
- agent/tags
- agent/description
- agent/event
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- vendor/spip
- canonical/spip
- version/spip/3.1.13
- package-manager/debian