|Title||spip security update|
|Name||DSA-2461||First vendor Publication||2012-04-26|
|Vendor||Debian||Last vendor Modification||2012-04-26|
Security-Database Scoring CVSS v2
|Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)|
|Cvss Base Score||4.3||Attack Range||Network|
|Cvss Impact Score||2.9||Attack Complexity||Medium|
|Cvss Expoit Score||8.6||Authentification||None Required|
|Calculate full CVSS 2.0 Vectors scores|
Several vulnerabilities have been found in SPIP, a website engine for publishing, resulting in cross-site scripting, script code injection and bypass of restrictions.
For the stable distribution (squeeze), this problem has been fixed in version 2.1.1-3squeeze3.
For the testing distribution (wheezy), this problem has been fixed in version 2.1.13-1.
For the unstable distribution (sid), this problem has been fixed in version 2.1.13-1.
We recommend that you upgrade your spip packages.
|Url : http://www.debian.org/security/2012/dsa-2461|
CWE : Common Weakness Enumeration
|CWE-79||Failure to Preserve Web Page Structure ('Cross-site Scripting')|
CPE : Common Platform Enumeration