| Max CVSS | 5.8 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-16392 | 4.3 |
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
|
13-02-2023 - 19:19 | 17-09-2019 - 21:15 | |
| CVE-2019-16391 | 4.0 |
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
|
13-02-2023 - 19:19 | 17-09-2019 - 21:15 | |
| CVE-2019-16393 | 5.8 |
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
|
13-02-2023 - 19:09 | 17-09-2019 - 21:15 | |
| CVE-2019-16394 | 5.0 |
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
|
03-05-2022 - 14:28 | 17-09-2019 - 21:15 | |
| CVE-2019-16391 | 4.0 |
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
|
28-09-2020 - 18:15 | 17-09-2019 - 21:15 | |
| CVE-2019-16394 | 5.0 |
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
|
28-09-2020 - 18:15 | 17-09-2019 - 21:15 | |
| CVE-2019-16392 | 4.3 |
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
|
28-09-2020 - 18:15 | 17-09-2019 - 21:15 | |
| CVE-2019-16393 | 5.8 |
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
|
28-09-2020 - 18:15 | 17-09-2019 - 21:15 |