Vulnerability Name:
CVE-2013-4556 (CCN-88658)
Assigned:
2013-11-10
Published:
2013-11-10
Updated:
2016-12-08
Summary:
Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availibility (A):
None
CVSS v2 Severity:
4.3 Medium
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
)
3.7 Low
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
4.3 Medium
(CCN CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
)
3.7 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
Vulnerability Type:
CWE-79
Vulnerability Consequences:
Cross-Site Scripting
References:
Source: CONFIRM
Type: Patch
http://core.spip.org/projects/spip/repository/revisions/20879
Source: CONFIRM
Type: UNKNOWN
http://core.spip.org/projects/spip/repository/revisions/20880
Source: MITRE
Type: CNA
CVE-2013-4556
Source: CCN
Type: oss-sec Mailing List, Sun, 10 Nov 2013 14:57:28 -0700
Re: CVE Request: multiple vulnerabilities in spip
Source: CCN
Type: SA55215
SPIP Author Page Site URL Script Insertion Vulnerability
Source: SECUNIA
Type: Vendor Advisory
55551
Source: MLIST
Type: UNKNOWN
[oss-security] 20131110 Re: CVE Request: multiple vulnerabilities in spip
Source: CCN
Type: BID-63636
SPIP 'editer_auteur.php' CVE-2013-4556 Cross Site Scripting Vulnerability
Source: SECTRACK
Type: UNKNOWN
1029317
Source: CCN
Type: SPIP Web site
SPIP
Source: CONFIRM
Type: UNKNOWN
http://www.spip.net/fr_article5646.html
Source: CONFIRM
Type: UNKNOWN
http://www.spip.net/fr_article5648.html
Source: XF
Type: UNKNOWN
spip-cve20134556-xss(88658)
Source: DEBIAN
Type: UNKNOWN
DSA-2794
Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-4556
Vulnerable Configuration:
Configuration 1
:
cpe:/a:spip:spip:2.0.0:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.1:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.2:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.3:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.4:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.5:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.6:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.7:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.8:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.9:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.10:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.11:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.12:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.13:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.14:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.15:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.16:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.17:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.18:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.19:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.20:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.21:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.0.22:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.1:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.2:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.3:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.4:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.5:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.6:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.7:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.8:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.9:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.10:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.11:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.12:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.13:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.14:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.15:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.16:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.17:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.18:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.19:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.20:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.21:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:2.1.22:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:*:*:*:*:*:*:*:*
(Version <= 2.1.23)
OR
cpe:/a:spip:spip:3.0.0:-:*:*:*:*:*:*
OR
cpe:/a:spip:spip:3.0.1:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:3.0.2:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:3.0.3:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:3.0.4:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:3.0.5:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:3.0.6:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:3.0.7:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:3.0.8:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:3.0.9:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:3.0.10:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:3.0.11:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:spip:spip:2.1.23:*:*:*:*:*:*:*
OR
cpe:/a:spip:spip:3.0.11:*:*:*:*:*:*:*
Denotes that component is vulnerable
Oval Definitions
Definition ID
Class
Title
Last Modified
oval:org.mitre.oval:def:19919
P
DSA-2794-1 spip - several
2014-06-23
oval:com.ubuntu.bionic:def:201345560000000
V
CVE-2013-4556 on Ubuntu 18.04 LTS (bionic) - medium.
2013-11-18
oval:com.ubuntu.xenial:def:201345560000000
V
CVE-2013-4556 on Ubuntu 16.04 LTS (xenial) - medium.
2013-11-18
oval:com.ubuntu.cosmic:def:201345560000000
V
CVE-2013-4556 on Ubuntu 18.10 (cosmic) - medium.
2013-11-17
oval:com.ubuntu.artful:def:20134556000
V
CVE-2013-4556 on Ubuntu 17.10 (artful) - medium.
2013-11-17
oval:com.ubuntu.trusty:def:20134556000
V
CVE-2013-4556 on Ubuntu 14.04 LTS (trusty) - medium.
2013-11-17
oval:com.ubuntu.bionic:def:20134556000
V
CVE-2013-4556 on Ubuntu 18.04 LTS (bionic) - medium.
2013-11-17
oval:com.ubuntu.xenial:def:20134556000
V
CVE-2013-4556 on Ubuntu 16.04 LTS (xenial) - medium.
2013-11-17
oval:com.ubuntu.cosmic:def:20134556000
V
CVE-2013-4556 on Ubuntu 18.10 (cosmic) - medium.
2013-11-17
oval:com.ubuntu.precise:def:20134556000
V
CVE-2013-4556 on Ubuntu 12.04 LTS (precise) - medium.
2013-11-17
BACK
spip
spip 2.0.0
spip
spip 2.0.1
spip
spip 2.0.2
spip
spip 2.0.3
spip
spip 2.0.4
spip
spip 2.0.5
spip
spip 2.0.6
spip
spip 2.0.7
spip
spip 2.0.8
spip
spip 2.0.9
spip
spip 2.0.10
spip
spip 2.0.11
spip
spip 2.0.12
spip
spip 2.0.13
spip
spip 2.0.14
spip
spip 2.0.15
spip
spip 2.0.16
spip
spip 2.0.17
spip
spip 2.0.18
spip
spip 2.0.19
spip
spip 2.0.20
spip
spip 2.0.21
spip
spip 2.0.22
spip
spip 2.1.1
spip
spip 2.1.2
spip
spip 2.1.3
spip
spip 2.1.4
spip
spip 2.1.5
spip
spip 2.1.6
spip
spip 2.1.7
spip
spip 2.1.8
spip
spip 2.1.9
spip
spip 2.1.10
spip
spip 2.1.11
spip
spip 2.1.12
spip
spip 2.1.13
spip
spip 2.1.14
spip
spip 2.1.15
spip
spip 2.1.16
spip
spip 2.1.17
spip
spip 2.1.18
spip
spip 2.1.19
spip
spip 2.1.20
spip
spip 2.1.21
spip
spip 2.1.22
spip
spip *
spip
spip 3.0.0
spip
spip 3.0.1
spip
spip 3.0.2
spip
spip 3.0.3
spip
spip 3.0.4
spip
spip 3.0.5
spip
spip 3.0.6
spip
spip 3.0.7
spip
spip 3.0.8
spip
spip 3.0.9
spip
spip 3.0.10
spip
spip 3.0.11
spip
spip 2.1.23
spip
spip 3.0.11
Denotes that component is vulnerable