logo

Database

Server side cross-site scripting In spip

Description

Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2016-79812. NVD-2016-79813. OSV-DEBIAN-2016-79814. OSV-2016-79815. SECURITY-TRACKER-CVE-2016-7981

References

1. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2016/CVE-2016-7981.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.