CVE-2021-44118 — Vulnetix

CVE-2021-44118 PUBLISHED CVSS 5.400000095367432 MEDIUM

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).

EPSS 0.28% · 51.5th percentile

Risk Scores

CVSS 3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.28%

51.5th percentile

Affected Products

Vendor	Product	Versions
spip	spip	4.0.0
n/a	n/a	n/a

Exploit Intelligence

https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a (circl)
https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357 (circl)
https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba (circl)

Timeline

Jan 26, 2022 CVE Published
Jan 27, 2022 EPSS Score
Feb 1, 2022 CVE Updated
Mar 21, 2022 EPSS Score
May 13, 2022 EPSS Score
Jul 5, 2022 EPSS Score
Aug 27, 2022 EPSS Score
Oct 19, 2022 EPSS Score
Dec 11, 2022 EPSS Score
Feb 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 27, 2023 EPSS Score

References

https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a url
https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357 url
https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba url
https://nvd.nist.gov/vuln/detail/CVE-2021-44118 advisory

Open in Interactive Console →