Description
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 13 | | | 4.3.0+dfsg-1 |
debian 11 | | =3.2.11-3 || =3.2.11-3+deb11u1 || =3.2.11-3+deb11u10 || =3.2.11-3+deb11u2 || =3.2.11-3+deb11u3 || =3.2.11-3+deb11u4 || =3.2.11-3+deb11u5 || =3.2.11-3+deb11u6 || =3.2.11-3+deb11u7 || =3.2.11-3+deb11u8 || =3.2.11-3+deb11u9 || =3.2.12-1 || =4.0.1-1 || =4.0.2-1 || =4.0.4-1 || =4.0.5-1 || =4.1.0~alpha+dfsg-1 || =4.1.0~beta+dfsg-1 || =4.1.0~rc+dfsg-1 || =4.1.1+dfsg-1 || =4.1.10+dfsg-1 || =4.1.11+dfsg-1 || =4.1.12+dfsg-1 || =4.1.13+dfsg-1 || =4.1.15+dfsg-1 || =4.1.15+dfsg-2 || =4.1.2+dfsg-1 || =4.1.5+dfsg-1 || =4.1.7+dfsg-1 || =4.1.8+dfsg-1 || =4.1.9+dfsg-1 || =4.2.10+dfsg-1 || =4.2.11+dfsg-1 || =4.2.12+dfsg-1 || =4.2.13+dfsg-1 || =4.2.14+dfsg-1 || =4.2.2+dfsg-1 || =4.2.3+dfsg-1 || =4.2.4+dfsg-1 || =4.2.5+dfsg-1 || =4.2.6+dfsg-1 || =4.2.7+dfsg-1 || =4.2.8+dfsg-1 || =4.2.9+dfsg-1 || =4.2.9+dfsg-2 || =4.3.0+dfsg-1 || =4.3.0~alpha+dfsg-1 || =4.3.0~alpha.2+dfsg-1 || =4.3.0~beta+dfsg-1 || =4.3.1+dfsg-1 || =4.3.2+dfsg-1 || =4.3.3+dfsg-1 || =4.3.4+dfsg-1 || =4.3.5+dfsg-1 || =4.3.6+dfsg-1 || =4.3.8+dfsg-1 || =4.4.10+dfsg-1 || =4.4.11+dfsg-1 || =4.4.13+dfsg-1 || =4.4.14+dfsg-1 || =4.4.15+dfsg-1 || =4.4.2+dfsg-1 || =4.4.3+dfsg-1 || =4.4.4+dfsg-1 || =4.4.5+dfsg-1 || =4.4.6+dfsg-1 || =4.4.7+dfsg-1 || =4.4.8+dfsg-1 || =4.4.9+dfsg-1 | - |
debian 14 | | | 4.3.0+dfsg-1 |
