| Max CVSS | 6.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-16392 | 4.3 |
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
|
13-02-2023 - 19:19 | 17-09-2019 - 21:15 | |
| CVE-2019-16391 | 4.0 |
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
|
13-02-2023 - 19:19 | 17-09-2019 - 21:15 | |
| CVE-2019-16393 | 5.8 |
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
|
13-02-2023 - 19:09 | 17-09-2019 - 21:15 | |
| CVE-2019-19830 | 4.0 |
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
|
03-05-2022 - 14:28 | 17-12-2019 - 05:15 | |
| CVE-2019-16394 | 5.0 |
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
|
03-05-2022 - 14:28 | 17-09-2019 - 21:15 | |
| CVE-2019-19830 | 4.0 |
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
|
28-09-2020 - 18:15 | 17-12-2019 - 05:15 | |
| CVE-2019-16391 | 4.0 |
SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php.
|
28-09-2020 - 18:15 | 17-09-2019 - 21:15 | |
| CVE-2019-16394 | 5.0 |
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers.
|
28-09-2020 - 18:15 | 17-09-2019 - 21:15 | |
| CVE-2019-16392 | 4.3 |
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
|
28-09-2020 - 18:15 | 17-09-2019 - 21:15 | |
| CVE-2019-16393 | 5.8 |
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.
|
28-09-2020 - 18:15 | 17-09-2019 - 21:15 | |
| CVE-2019-11071 | 6.5 |
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
|
28-09-2020 - 18:15 | 10-04-2019 - 21:29 | |
| CVE-2017-15736 | 4.3 |
Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/tex
|
28-09-2020 - 18:15 | 22-10-2017 - 18:29 | |
| CVE-2017-15736 | 4.3 |
Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/tex
|
28-09-2020 - 18:15 | 22-10-2017 - 18:29 | |
| CVE-2019-11071 | 6.5 |
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled.
|
28-09-2020 - 18:15 | 10-04-2019 - 21:29 |