VDB
CVE-2016-7981
CVE-2016-7981
PUBLISHED
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
EPSS 43.50% · 97.6th percentile
Risk Scores
EPSS Score
43.50%
97.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | spip | 3.0.20-1, 3.0.21-1ubuntu1, 3.0.21-1 |
Exploit Intelligence
- 93451 (circl)
- [oss-security] 20161012 CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting (circl)
- https://core.spip.net/projects/spip/repository/revisions/23200 (circl)
- [oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE (circl)
- [oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE (circl)
- https://core.spip.net/projects/spip/repository/revisions/23202 (circl)
- https://core.spip.net/projects/spip/repository/revisions/23201 (circl)
- SPIP 3.1.2 Cross Site Scripting Vulnerability (0day-today)
- SPIP 3.1.2 Cross Site Scripting Vulnerability (0day-today)
- Nuclei Template: CVE-2016-7981 (nuclei-template)
…and 5 more exploits
Timeline
- Oct 20, 2016 PoC Published
- Jan 18, 2017 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 18, 2025 EPSS Score
- Mar 23, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 1, 2025 EPSS Score
- Apr 11, 2025 EPSS Score
- Apr 12, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-7981 third-party-advisory
- https://core.spip.net/projects/spip/repository/revisions/23200 third-party-advisory
- https://core.spip.net/projects/spip/repository/revisions/23201 third-party-advisory
- https://core.spip.net/projects/spip/repository/revisions/23202 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-7981 third-party-advisory