First published: Fri Jan 19 2024(Updated: )
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Spip Spip | <4.1.14 | |
Spip Spip | >=4.2.0<4.2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.