Showing 1 - 2 of 2

CVE-2019-16393

Status Candidate

Overview

SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.

Ubuntu Security Notice USN-4536-1: Posted Sep 24, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4536-1 - Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site scripting attacks. Gilles Vincent discovered that SPIP incorrectly handled password reset requests. A remote attacker could possibly use this issue to cause SPIP to enumerate registered users. Guillaume Fahrner discovered that SPIP did not properly sanitize input. A remote authenticated attacker could possibly use this issue to execute arbitrary code on the host server. Various other issues were also addressed.; tags | advisory, remote, arbitrary, xss; systems | linux, ubuntu; advisories | CVE-2017-15736, CVE-2019-11071, CVE-2019-16391, CVE-2019-16392, CVE-2019-16393, CVE-2019-16394, CVE-2019-19830; SHA-256 | 30f54360516cd591f67d9ab3a8f5d1256d5b3229e6a41af49cf458f85fb95a0b; Download | Favorite | View

Debian Security Advisory 4532-1: Posted Sep 25, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4532-1 - It was discovered that SPIP, a website engine for publishing, would allow unauthenticated users to modify published content and write to the database, perform cross-site request forgeries, and enumerate registered users.; tags | advisory; systems | linux, debian; advisories | CVE-2019-16391, CVE-2019-16392, CVE-2019-16393, CVE-2019-16394; SHA-256 | 91fcccc1e00b0774df0025f5b0586e72edbb0b614c9ea84e4d7f9b4d49c5d5f6; Download | Favorite | View

Page 1 of 1 Back 1 Next