CVE-2021-44122

HIGH

SPIP 4.0.0 - Cross-Site Request Forgery in ecrire/public/aiguiller.php

Title source: llm

Description

SPIP 4.0.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php and ecrire/balise/formulaire_.php. To exploit it, a visitor who is logged in to the SPIP site must visit a malicious website that redirects their browser to the SPIP site, so that the forged request is sent with the victim's session cookies. The issue can also be chained with XSS vulnerabilities in SPIP 4.0.0. It allows an attacker, who needs no account of their own, to have actions performed on the site under the authenticated user's identity and without that user's knowledge (CSRF).
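The description above is the attack path; the defence for CWE-352 is the one a reviewer would check for in the affected handlers: a state change must be a POST, and it must carry a token bound to the server-side session that a cross-site page cannot read. The block below is an added illustration of that check, not SPIP's code and not a fix from the project; SITE_ORIGIN, the form name and the five requests in demo() are constructed for the example. It models the redirect path from the description (a top-level GET) as well as an auto-submitted cross-site POST and a token lifted from another session.

```python
import hashlib
import hmac
import secrets

# Hypothetical site origin for the example; not a SPIP hostname from the page.
SITE_ORIGIN = "https://spip.example"


def issue_token(session_secret: bytes, form_name: str) -> str:
    """Synchronizer token: derive a per-form anti-CSRF token from a secret that
    lives only in the server-side session, so a cross-site page cannot learn it."""
    return hmac.new(session_secret, form_name.encode(), hashlib.sha256).hexdigest()


def same_site_headers(headers: dict):
    """Defence in depth. Returns True/False when Origin or Referer identify the
    sender, None when the browser sent neither (some privacy settings strip both)."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin == SITE_ORIGIN
    referer = headers.get("Referer")
    if referer is not None:
        return referer == SITE_ORIGIN or referer.startswith(SITE_ORIGIN + "/")
    return None


def accept_state_change(method, headers, form_fields, session_secret, form_name):
    """Return (accepted, reason) for a request that would modify server state."""
    # A cross-site redirect can only produce a top-level GET: never mutate on GET.
    if method != "POST":
        return False, "state change must use POST"
    if same_site_headers(headers) is False:
        return False, "cross-site Origin/Referer"
    # The token is the authoritative control; it also decides when headers are absent.
    submitted = form_fields.get("csrf_token", "")
    expected = issue_token(session_secret, form_name)
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return False, "missing or invalid csrf_token"
    return True, "ok"


def demo() -> dict:
    """Constructed requests (not captured traffic) exercising each path."""
    victim_secret = secrets.token_bytes(32)    # stored in the victim's server-side session
    attacker_secret = secrets.token_bytes(32)  # a different session the attacker controls
    form = "editer_article"                    # hypothetical form name
    good_token = issue_token(victim_secret, form)

    results = {}
    # 1. Legitimate submit from the site itself, carrying the session-bound token.
    results["legit"] = accept_state_change(
        "POST", {"Origin": SITE_ORIGIN}, {"csrf_token": good_token, "titre": "x"},
        victim_secret, form)
    # 2. The redirect path from the description: attacker page -> GET on the site.
    results["redirect_get"] = accept_state_change(
        "GET", {"Referer": "https://attacker.example/"}, {"titre": "x"},
        victim_secret, form)
    # 3. Auto-submitted cross-site form POST: the browser sets Origin to the attacker's site.
    results["xsite_post"] = accept_state_change(
        "POST", {"Origin": "https://attacker.example"}, {"titre": "x"},
        victim_secret, form)
    # 4. Attacker supplies a token from their own session; it is not bound to the victim's.
    results["foreign_token"] = accept_state_change(
        "POST", {}, {"csrf_token": issue_token(attacker_secret, form)},
        victim_secret, form)
    # 5. Origin and Referer stripped by the browser: the token alone still decides.
    results["no_headers_good_token"] = accept_state_change(
        "POST", {}, {"csrf_token": good_token}, victim_secret, form)
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:22s} accepted={ok} ({why})")
```

The Origin/Referer check is deliberately not the only gate: browsers can omit both headers, so a site that rejects on their absence breaks legitimate users, while one that accepts on their absence alone is still forgeable. The HMAC-derived token is what actually closes the hole; chaining with XSS, as the description mentions, defeats it because script running on the origin can read the token, which is why the XSS bugs must be fixed alongside.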

Scores

CVSS v3.1 8.8
EPSS 0.0049
EPSS Percentile 38.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
spip/spip 4.0.0
Published Jan 26, 2022
Tracked Since Feb 18, 2026