Bug fixes in "spip"

Origin | Bug number | Title | Date fixed |
---|---|---|---|
CVE | CVE-2024-8517 | SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary opera | 2025-03-04 |
CVE | CVE-2022-23638 | svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to v | 2025-03-04 |
CVE | CVE-2021-44123 | SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a d | 2023-03-02 |
CVE | CVE-2021-44122 | SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/ | 2023-03-02 |
CVE | CVE-2021-44120 | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable | 2023-03-02 |
CVE | CVE-2021-44118 | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. Th | 2023-03-02 |
CVE | CVE-2022-26847 | SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. | 2022-06-16 |
CVE | CVE-2022-26846 | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | 2022-06-16 |
CVE | CVE-2020-28984 | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils | 2022-06-16 |
Launchpad | 1971185 | Multiple vulnerabilities in Bionic and Impish | 2022-06-16 |