CVE-2016-9998

CVE-2016-9998

EPSS 0.9%

SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://core.spip.net/projects/spip/repository/revisions/23288 http://www.securityfocus.com/bid/95008 http://www.securitytracker.com/id/1037486