| Bug | Description |
|---|
| TEMP-0683667-E2E855 | base name disclosure |
| TEMP-0672961-92221C | two XSS |
| TEMP-0649113-869F0D | spip XSS |
| TEMP-0649113-5F7BC7 | spip privilege escalation |
| TEMP-0646758-12F1BD | spip path disclosure |
| TEMP-0609212-CA8607 | multiple spip issues |
| TEMP-0000000-ED76D0 | Sanitizing and other XSS protections |
| TEMP-0000000-803658 | several security fixes: PHP injections, XSS and secrets stored in session file |
| TEMP-0000000-42228B | spip DoS |
| TEMP-0000000-4677DE | spip: XSS alowing priviledge escalation |
| TEMP-0000000-96AFF4 | spip: Use a dedicated function to clean author data when preparing a session |
| CVE-2024-23659 | SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of a ... |
| CVE-2023-52322 | ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2 ... |
| CVE-2023-27372 | SPIP before 4.2.1 allows Remote Code Execution via form values in the ... |
| CVE-2023-24258 | SPIP v4.1.5 and earlier was discovered to contain a SQL injection vuln ... |
| CVE-2022-37155 | RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to ... |
| CVE-2022-28961 | Spip Web Framework v3.1.13 and below was discovered to contain multipl ... |
| CVE-2022-28960 | A PHP injection vulnerability in Spip before v3.2.8 allows attackers t ... |
| CVE-2022-28959 | Multiple cross-site scripting (XSS) vulnerabilities in the component / ... |
| CVE-2022-26847 | SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access ... |
| CVE-2022-26846 | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated ed ... |
| CVE-2021-44123 | SPIP 4.0.0 is affected by a remote command execution vulnerability. To ... |
| CVE-2021-44122 | SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ... |
| CVE-2021-44120 | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ... |
| CVE-2021-44118 | SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ... |
| CVE-2020-28984 | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does ... |
| CVE-2019-19830 | _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authent ... |
| CVE-2019-16394 | SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messa ... |
| CVE-2019-16393 | SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ec ... |
| CVE-2019-16392 | SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login ... |
| CVE-2019-16391 | SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors ... |
| CVE-2019-11071 | SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visit ... |
| CVE-2017-15736 | Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 ... |
| CVE-2017-9736 | SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell ... |
| CVE-2016-9998 | SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability ... |
| CVE-2016-9997 | SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability ... |
| CVE-2016-9152 | Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ... |
| CVE-2016-7999 | ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote at ... |
| CVE-2016-7998 | The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows r ... |
| CVE-2016-7982 | Directory traversal vulnerability in ecrire/exec/valider_xml.php in SP ... |
| CVE-2016-7981 | Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3. ... |
| CVE-2016-7980 | Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider ... |
| CVE-2016-3154 | The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2 ... |
| CVE-2016-3153 | SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 al ... |
| CVE-2013-7303 | Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes- ... |
| CVE-2013-4557 | The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 ... |
| CVE-2013-4556 | Cross-site scripting (XSS) vulnerability in the author page (prive/for ... |
| CVE-2013-4555 | Cross-site request forgery (CSRF) vulnerability in ecrire/action/logou ... |
| CVE-2013-2118 | SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 ... |
| CVE-2012-4331 | Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x bef ... |
| CVE-2012-2151 | Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x befo ... |
| CVE-2009-3041 | SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper acc ... |
| CVE-2008-5813 | SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1. ... |
| CVE-2008-5812 | Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 be ... |
| CVE-2007-4525 | PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7 ... |
| CVE-2006-1702 | PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8 ... |
| CVE-2006-1295 | Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8 ... |
| CVE-2006-0626 | SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and ... |
| CVE-2006-0625 | Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and e ... |
| CVE-2006-0519 | SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows rem ... |
| CVE-2006-0518 | Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ... |
| CVE-2006-0517 | Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_f ... |
| CVE-2005-4494 | Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier all ... |