{"id":"USN-5482-1","summary":"spip vulnerabilities","details":"\nIt was discovered that SPIP incorrectly validated inputs. An authenticated\nattacker could possibly use this issue to execute arbitrary code.\nThis issue only affected Ubuntu 18.04 LTS. (CVE-2020-28984)\n\nCharles Fol and Théo Gordyjan discovered that SPIP is vulnerable to Cross\nSite Scripting (XSS). If a user were tricked into browsing a malicious SVG\nfile, an attacker could possibly exploit this issue to execute arbitrary\ncode. This issue was only fixed in Ubuntu 21.10. (CVE-2021-44118,\nCVE-2021-44120, CVE-2021-44122, CVE-2021-44123)\n\nIt was discovered that SPIP incorrectly handled certain forms. A remote\nauthenticated editor could possibly use this issue to execute arbitrary code,\nand a remote unauthenticated attacker could possibly use this issue to obtain\nsensitive information. (CVE-2022-26846, CVE-2022-26847)\n","modified":"2026-02-10T04:42:40Z","published":"2022-06-16T16:22:11Z","related":["UBUNTU-CVE-2020-28984","UBUNTU-CVE-2021-44118","UBUNTU-CVE-2021-44120","UBUNTU-CVE-2021-44122","UBUNTU-CVE-2021-44123","UBUNTU-CVE-2022-26846","UBUNTU-CVE-2022-26847"],"upstream":["CVE-2020-28984","CVE-2021-44118","CVE-2021-44120","CVE-2021-44122","CVE-2021-44123","CVE-2022-26846","CVE-2022-26847","UBUNTU-CVE-2020-28984","UBUNTU-CVE-2021-44118","UBUNTU-CVE-2021-44120","UBUNTU-CVE-2021-44122","UBUNTU-CVE-2021-44123","UBUNTU-CVE-2022-26846","UBUNTU-CVE-2022-26847"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5482-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-28984"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-44118"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-44120"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-44122"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-44123"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-26846"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-26847"}],"affected":[{"package":{"name":"spip","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/spip@3.1.4-4~deb9u5build0.18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.4-4~deb9u5build0.18.04.1"}]}],"versions":["3.1.4-3","3.1.4-4~deb9u3build0.18.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"spip","binary_version":"3.1.4-4~deb9u5build0.18.04.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5482-1.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2020-28984"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-44118"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-44120"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-44122"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-44123"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-26846"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-26847"}]}}}],"schema_version":"1.7.3"}