CVE-2021-44118

Priority
Description
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To
exploit the vulnerability, a visitor must browse to a malicious SVG file.
The vulnerability allows an authenticated attacker to inject malicious code
running on the client side into web pages visited by other users (stored
XSS).
Notes
Package
Source: spip (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 18.04 LTS:needed
Ubuntu 20.04 LTS:needed
Ubuntu 21.10:needed
Ubuntu 22.04 LTS:needs-triage
Patches:
More Information

Updated: 2022-04-25 00:59:13 UTC (commit ecc1009cb19540b950de59270950018900f37f15)