UBUNTU-CVE-2021-44120

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-44120

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-44120.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-44120

Related

Published

2022-01-26T12:15:00Z

Modified

2025-01-13T10:22:38Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The "Who are you" and "Website Name" fields are vulnerable.

References

Affected packages

Ubuntu:Pro:16.04:LTS / spip

Package

Name: spip
Purl: pkg:deb/ubuntu/spip@3.0.21-1ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.20-1

3.0.21-1

3.0.21-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / spip

Package

Name: spip
Purl: pkg:deb/ubuntu/spip@3.1.4-4~deb9u5build0.18.04.1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.4-4~deb9u5build0.18.04.1

Affected versions

3.*

3.1.4-3

3.1.4-4~deb9u3build0.18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "3.1.4-4~deb9u5build0.18.04.1",
            "binary_name": "spip"
        }
    ]
}

Ubuntu:20.04:LTS / spip

Package

Name: spip
Purl: pkg:deb/ubuntu/spip@3.2.7-1ubuntu0.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.7-1ubuntu0.1

Affected versions

3.*

3.2.4-1

3.2.5-1

3.2.7-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "3.2.7-1ubuntu0.1",
            "binary_name": "spip"
        }
    ]
}