CVE-2017-15736

Related Files

Ubuntu Security Notice USN-4536-1

Posted Sep 24, 2020

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4536-1 - Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site scripting attacks. Gilles Vincent discovered that SPIP incorrectly handled password reset requests. A remote attacker could possibly use this issue to cause SPIP to enumerate registered users. Guillaume Fahrner discovered that SPIP did not properly sanitize input. A remote authenticated attacker could possibly use this issue to execute arbitrary code on the host server. Various other issues were also addressed.

tags | advisory, remote, arbitrary, xss

systems | linux, ubuntu

advisories | CVE-2017-15736, CVE-2019-11071, CVE-2019-16391, CVE-2019-16392, CVE-2019-16393, CVE-2019-16394, CVE-2019-19830

SHA-256 | 30f54360516cd591f67d9ab3a8f5d1256d5b3229e6a41af49cf458f85fb95a0b

Download | Favorite | View

Debian Security Advisory 4228-1

Posted Jun 14, 2018

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4228-1 - Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.

tags | advisory, php, vulnerability, xss

systems | linux, debian

advisories | CVE-2017-15736

SHA-256 | 5a5feaaf506512f745c53f9e670f39ae79f695bebb733d1abd47c840d8bddca1

Download | Favorite | View