CVE-2013-7303

Published: Jan 30, 2014Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.

Affected (52)

Products: Spip: Spip

Spip

1 product

Spip

Configuration A

52 vulnerable

Vulnerable Software	Affected Versions
Spip Spip	Up to 2.1.24
Spip Spip	Version 2.0.10
Spip Spip	Version 2.0.11
Spip Spip	Version 2.0.12
Spip Spip	Version 2.0.13
Spip Spip	Version 2.0.14
Spip Spip	Version 2.0.15
Spip Spip	Version 2.0.16
Spip Spip	Version 2.0.17
Spip Spip	Version 2.0.18
Spip Spip	Version 2.0.19
Spip Spip	Version 2.0.1
Spip Spip	Version 2.0.20
Spip Spip	Version 2.0.21
Spip Spip	Version 2.0.22
Spip Spip	Version 2.0.2
Spip Spip	Version 2.0.3
Spip Spip	Version 2.0.4
Spip Spip	Version 2.0.5
Spip Spip	Version 2.0.6
Spip Spip	Version 2.0.7
Spip Spip	Version 2.0.8
Spip Spip	Version 2.0.9
Spip Spip	Version 2.1.10
Spip Spip	Version 2.1.11
Spip Spip	Version 2.1.12
Spip Spip	Version 2.1.13
Spip Spip	Version 2.1.14
Spip Spip	Version 2.1.15
Spip Spip	Version 2.1.16
Spip Spip	Version 2.1.17
Spip Spip	Version 2.1.18
Spip Spip	Version 2.1.19
Spip Spip	Version 2.1.1
Spip Spip	Version 2.1.20
Spip Spip	Version 2.1.21
Spip Spip	Version 2.1.22
Spip Spip	Version 2.1.23
Spip Spip	Version 2.1.2
Spip Spip	Version 2.1
Spip Spip	Version 3.0.0
Spip Spip	Version 3.0.10
Spip Spip	Version 3.0.11
Spip Spip	Version 3.0.1
Spip Spip	Version 3.0.2
Spip Spip	Version 3.0.3
Spip Spip	Version 3.0.4
Spip Spip	Version 3.0.5
Spip Spip	Version 3.0.6
Spip Spip	Version 3.0.7
Spip Spip	Version 3.0.8
Spip Spip	Version 3.0.9