PublicDateAtUSN: 2017-10-22 18:29:00 UTC
Candidate: CVE-2017-15736
PublicDate: 2017-10-22 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15736
 https://ubuntu.com/security/notices/USN-4536-1
Description:
 Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7
 allows remote attackers to inject arbitrary web script or HTML via a
 crafted string, as demonstrated by a PGP field, related to
 prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_spip:
upstream_spip: released (3.1.4-4)
precise/esm_spip: DNE
trusty_spip: ignored (reached end-of-life)
trusty/esm_spip: DNE (trusty was needed)
xenial_spip: ignored (end of standard support, was needed)
zesty_spip: ignored (reached end-of-life)
artful_spip: ignored (reached end-of-life)
bionic_spip: released (3.1.4-4~deb9u3build0.18.04.1)
cosmic_spip: not-affected (3.1.4-4)
disco_spip: not-affected (3.1.4-4)
eoan_spip: not-affected (3.1.4-4)
focal_spip: not-affected (3.1.4-4)
groovy_spip: not-affected (3.1.4-4)
hirsute_spip: not-affected (3.1.4-4)
impish_spip: not-affected (3.1.4-4)
jammy_spip: not-affected (3.1.4-4)
devel_spip: not-affected (3.1.4-4)