CVE-2022-28959

MEDIUM

SPIP < 3.1.13 - Cross-Site Scripting in /spip.php

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.

References (5)

Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/

Scores

CVSS v3 6.1
EPSS 0.0146
EPSS Percentile 70.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
spip/spip < 3.1.13
Published May 19, 2022
Tracked Since Feb 18, 2026