logo

Database

Server side cross-site scripting In spip

Description

SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the $plugin parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2016-99982. NVD-2016-99983. OSV-DEBIAN-2016-99984. OSV-2016-99985. SECURITY-TRACKER-CVE-2016-9998

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.