spip | Snyk

Direct Vulnerabilities

Known vulnerabilities in the spip package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Open Redirect	<4.4.15+dfsg-0+deb13u1
H Arbitrary Code Injection	<4.4.15+dfsg-0+deb13u1
H Arbitrary Code Injection	<4.4.15+dfsg-0+deb13u1
H Function Call With Incorrect Variable or Reference as Argument	<4.4.13+dfsg-0+deb13u1
H Authentication Bypass	<4.4.11+dfsg-0+deb13u1
H SQL Injection	<4.4.11+dfsg-0+deb13u1
M Open Redirect	<4.4.5+dfsg-1
M Cross-site Scripting (XSS)	<4.3.0+dfsg-1
M Cross-site Scripting (XSS)	<4.4.11+dfsg-0+deb13u1
M CVE-2025-71242	<4.3.6+dfsg-1
M Server-Side Request Forgery (SSRF)	<4.4.11+dfsg-0+deb13u1
H Deserialization of Untrusted Data	<4.4.11+dfsg-0+deb13u1
M Cross-site Scripting (XSS)	<4.4.11+dfsg-0+deb13u1
M Cross-site Scripting (XSS)	<4.3.6+dfsg-1
M Cross-site Scripting (XSS)	<4.4.11+dfsg-0+deb13u1
M Cross-site Scripting (XSS)	<4.4.11+dfsg-0+deb13u1
L Cross-site Scripting (XSS)	*
C CVE-2024-8517	<4.3.2+dfsg-1
L CVE-2024-7954	<4.3.0+dfsg-1
M Cross-site Scripting (XSS)	<4.1.15+dfsg-1
M Cross-site Scripting (XSS)	<4.1.13+dfsg-1
C CVE-2023-27372	<4.1.8+dfsg-1
C SQL Injection	<4.1.7+dfsg-1
H CVE-2022-37155	<4.1.5+dfsg-1
M Cross-site Scripting (XSS)	<3.2.8-1
H SQL Injection	<3.2.8-1
H Improper Encoding or Escaping of Output	<3.2.8-1
M Information Exposure	<4.0.5-1
H CVE-2022-26846	<4.0.5-1
M Cross-site Scripting (XSS)	<3.2.12-1
H Unrestricted Upload of File with Dangerous Type	<3.2.12-1
M Cross-site Scripting (XSS)	<3.2.12-1
H Cross-site Request Forgery (CSRF)	<3.2.12-1
C CVE-2020-28984	<3.2.8-1
M Improper Input Validation	<3.2.7-1
M Information Exposure	<3.2.5-1
M Cross-site Scripting (XSS)	<3.2.5-1
M CVE-2019-16391	<3.2.5-1
M Open Redirect	<3.2.5-1
H Improper Input Validation	<3.2.4-1
M Cross-site Scripting (XSS)	<3.1.4-4
C OS Command Injection	<3.1.4-3
H Directory Traversal	<3.1.3-1
H Improper Input Validation	<3.1.3-1
H Server-Side Request Forgery (SSRF)	<3.1.3-1
H Cross-site Request Forgery (CSRF)	<3.1.3-1
M Cross-site Scripting (XSS)	<3.1.3-1
M Cross-site Scripting (XSS)	<3.1.4-2
M Cross-site Scripting (XSS)	<3.1.4-2
M Cross-site Scripting (XSS)	<3.1.4-2
C Arbitrary Code Injection	<3.0.22-1
C Arbitrary Code Injection	<3.0.22-1
M Cross-site Scripting (XSS)	<3.0.13-1
H Arbitrary Code Injection	<2.1.24-1
M Cross-site Request Forgery (CSRF)	<2.1.24-1
M Cross-site Scripting (XSS)	<2.1.24-1
H CVE-2013-2118	<2.1.22-1
L Cross-site Scripting (XSS)	<2.1.13-1
C CVE-2012-4331	<2.1.13-1
M Access Restriction Bypass	<2.0.9-1
C CVE-2008-5812	<2.0.6-1
H SQL Injection	<2.0.6-1
H Arbitrary Code Injection	<2.0.6-1
H CVE-2006-1702	<2.0.6-1
M CVE-2006-1295	<2.0.6-1
M CVE-2006-0625	<2.0.6-1
M CVE-2006-0626	<2.0.6-1
M CVE-2006-0518	<2.0.6-1
M CVE-2006-0517	<2.0.6-1
M CVE-2006-0519	<2.0.6-1
M CVE-2005-4494	<2.0.6-1

Vulnerability

Vulnerable Version

Open Redirect

<4.4.15+dfsg-0+deb13u1