vulnerability

Ubuntu: (Multiple Advisories) (CVE-2021-44122): SPIP vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Jan 26, 2022	Mar 22, 2023	Aug 18, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Jan 26, 2022

Added

Mar 22, 2023

Modified

Aug 18, 2025

Description

SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF).

Solution

ubuntu-upgrade-spip

References

CVE-2021-44122
https://attackerkb.com/topics/CVE-2021-44122
CWE-352
UBUNTU-USN-5482-1
UBUNTU-USN-5482-2

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today