vulnerability

Debian: CVE-2021-44122: spip -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Jan 26, 2022	Jan 31, 2022	Aug 15, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Jan 26, 2022

Added

Jan 31, 2022

Modified

Aug 15, 2025

Description

SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF).

Solution

debian-upgrade-spip

References

CVE-2021-44122
https://attackerkb.com/topics/CVE-2021-44122
CWE-352
DEBIAN-DLA-2867-1
DEBIAN-DSA-5028-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today