Fluid Attacks Database

Description

SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the $id parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	spip	>=0 <3.1.4-2	3.1.4-2
debian 11	spip	>=0 <3.1.4-2	3.1.4-2
debian 14	spip	>=0 <3.1.4-2	3.1.4-2

Aliases

1. CVE-2016-99972. NVD-2016-99973. OSV-DEBIAN-2016-99974. OSV-2016-99975. SECURITY-TRACKER-CVE-2016-9997