Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-44118

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).

Related bugs and status

CVE-2021-44118 (Candidate) is related to these bugs:

Bug #1971185: Multiple vulnerabilities in Bionic and Impish

		In	Importance	Status
1971185	Multiple vulnerabilities in Bionic and Impish	spip (Ubuntu)	Undecided	Fix Released
1971185	Multiple vulnerabilities in Bionic and Impish	spip (Ubuntu Bionic)	Undecided	Fix Released
1971185	Multiple vulnerabilities in Bionic and Impish	spip (Ubuntu Impish)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://git.spip.net/s...
MISC: https://git.spip.net/s...
MISC: https://git.spip.net/s...