{"id":"CVE-2020-28984","details":"prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.","modified":"2026-04-09T07:12:34.325353Z","published":"2020-11-23T22:15:12.570Z","references":[{"type":"ADVISORY","url":"https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00036.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4798"},{"type":"FIX","url":"https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.spip.net/spip/spip","events":[{"introduced":"0"},{"fixed":"0cb72efbf54729835d148593401157ea04f66c82"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.2.8"}]}}],"versions":["v3.0.0-beta.2","v3.1.0-alpha","v3.1.0-beta","v3.2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28984.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}