CVE-2021-44120 — Vulnetix

CVE-2021-44120 PUBLISHED CVSS 5.400000095367432 MEDIUM

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The "Who are you" and "Website Name" fields are vulnerable.

EPSS 0.38% · 60.0th percentile

Risk Scores

CVSS 3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.38%

60.0th percentile

Affected Products

Vendor	Product	Versions
spip	spip	4.0.0
n/a	n/a	n/a

Exploit Intelligence

https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81 (circl)

Timeline

Jan 26, 2022 CVE Published
Jan 27, 2022 EPSS Score
Feb 1, 2022 CVE Updated
Mar 21, 2022 EPSS Score
May 13, 2022 EPSS Score
Jul 5, 2022 EPSS Score
Aug 27, 2022 EPSS Score
Oct 19, 2022 EPSS Score
Dec 11, 2022 EPSS Score
Feb 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 27, 2023 EPSS Score

References

Open in Interactive Console →