vulnerability
Ubuntu: USN-4536-1 (CVE-2017-15736): SPIP vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Oct 22, 2017 | Sep 25, 2020 | Apr 25, 2025 |
Description
Youssouf Boulouiz discovered that SPIP incorrectly handled login error
messages. A remote attacker could potentially exploit this to conduct
cross-site scripting (XSS) attacks. (CVE-2019-16392)
Gilles Vincent discovered that SPIP incorrectly handled password reset
requests. A remote attacker could possibly use this issue to cause SPIP to
enumerate registered users. (CVE-2019-16394)
Guillaume Fahrner discovered that SPIP did not properly sanitize input. A
remote authenticated attacker could possibly use this issue to execute
arbitrary code on the host server. (CVE-2019-11071)
Sylvain Lefevre discovered that SPIP incorrectly handled user
authorization. A remote attacker could possibly use this issue to modify
and publish content and modify the database. (CVE-2019-16391)
It was discovered that SPIP did not properly sanitize input. A remote
attacker could, through cross-site scripting (XSS) and PHP injection,
exploit this to inject arbitrary web script or HTML. (CVE-2017-15736)
Alexis Zucca discovered that SPIP incorrectly handled the media plugin. A
remote authenticated attacker could possibly use this issue to write to
the database. (CVE-2019-19830)
Christophe Laffont discovered that SPIP incorrectly handled redirect URLs.
An attacker could use this issue to cause SPIP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2019-16393)
Solution
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.