CVE-2016-9152

CVE-2016-9152

EPSS 1.1%

Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://core.spip.net/projects/spip/repository/revisions/23290 http://www.securityfocus.com/bid/94658 http://www.securitytracker.com/id/1037392