Bugs fixes in "spip"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2021-44123 | SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a d | 2023-03-02 |
| CVE | CVE-2021-44122 | SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/ | 2023-03-02 |
| CVE | CVE-2021-44120 | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable | 2023-03-02 |
| CVE | CVE-2021-44118 | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. Th | 2023-03-02 |
| CVE | CVE-2021-44123 | SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a d | 2023-03-02 |
| CVE | CVE-2021-44122 | SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/ | 2023-03-02 |
| CVE | CVE-2021-44120 | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable | 2023-03-02 |
| CVE | CVE-2021-44118 | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. Th | 2023-03-02 |
| CVE | CVE-2022-26847 | SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. | 2022-06-16 |
| CVE | CVE-2022-26846 | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | 2022-06-16 |
| CVE | CVE-2020-28984 | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils | 2022-06-16 |
| Launchpad | 1971185 | Multiple vulnerabilities in Bionic and Impish | 2022-06-16 |
| CVE | CVE-2022-26847 | SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. | 2022-06-16 |
| CVE | CVE-2022-26846 | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | 2022-06-16 |
| CVE | CVE-2020-28984 | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils | 2022-06-16 |
| Launchpad | 1971185 | Multiple vulnerabilities in Bionic and Impish | 2022-06-16 |
| Debian | 651157 | spip: Incorrect path in README.Debian - Debian Bug report logs | 2012-04-24 |
| Debian | 670110 | Several security issues - Debian Bug report logs | 2012-04-24 |
| Debian | 649113 | spip: New version (2.1.12) fixes several security issues - Debian Bug report logs | 2011-12-19 |
About
-
Send Feedback to @ubuntu_updates
