Candidate: CVE-2016-9152
PublicDate: 2016-12-05 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9152
 https://core.spip.net/projects/spip/repository/revisions/23290
Description:
 Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP
 3.1.3 allows remote attackers to inject arbitrary web script or HTML via
 the rac parameter.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847156
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_spip:
upstream_spip: released (3.1.4-2)
precise/esm_spip: DNE
trusty_spip: ignored (out of standard support)
trusty/esm_spip: DNE
xenial_spip: ignored (end of standard support, was needs-triage)
bionic_spip: not-affected (3.1.4-4~deb9u3build0.18.04.1)
focal_spip: not-affected
groovy_spip: not-affected
hirsute_spip: not-affected
impish_spip: not-affected
jammy_spip: not-affected
devel_spip: not-affected