CVE-2023-52322

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 4, 2024

Updated: Mar 15, 2024

CWE ID 79

Summary

CVE-2023-52322 is a newly disclosed vulnerability in the ecrire/public/assembler.php file of SPIP, an open-source CMS solution. This issue affects versions prior to 4.1.13 and 4.2.x before 4.2.7. The weakness lies in the lack of input validation in the _request() function, allowing malicious scripts to be injected using XSS (Cross-Site Scripting) attacks. An attacker can exploit this bug to steal user data, modify content, or even take control of user sessions. It is crucial for affected SPIP users to upgrade their systems to the latest versions to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SPIP

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uBUHw6
https://www.cve.org/CVERecord?id=CVE-2023-52322
https://nvd.nist.gov/vuln/detail/CVE-2023-52322

Back to Vulnerability Database

CVE-2023-52322

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations