{"id":"USN-7318-1","summary":"spip vulnerabilities","details":"It was discovered that svg-sanitizer, vendored in SPIP, did not properly\nsanitize SVG/XML content. An attacker could possibly use this issue to\nperform cross site scripting. This issue only affected Ubuntu 24.10.\n(CVE-2022-23638)\n\nIt was discovered that SPIP did not properly sanitize certain inputs. A\nremote attacker could possibly use this issue to perform cross site\nscripting. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28959)\n\nIt was discovered that SPIP did not properly sanitize certain inputs. A\nremote attacker could possibly use this issue to perform PHP injection\nattacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28960)\n\nIt was discovered that SPIP did not properly sanitize certain inputs. A\nremote attacker could possibly use this issue to perform SQL injection\nattacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28961)\n\nIt was discovered that SPIP did not properly sanitize certain inputs. A\nremote authenticated attacker could possibly use this issue to execute\narbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-37155)\n\nIt was discovered that SPIP did not properly sanitize certain inputs. A\nremote attacker could possibly use this issue to perform SQL injection\nattacks. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.\n(CVE-2023-24258)\n\nIt was discovered that SPIP did not properly handle serialization under\ncertain circumstances. A remote attacker could possibly use this issue to\nexecute arbitrary code. This issue only affected Ubuntu 18.04 LTS and\nUbuntu 20.04 LTS. (CVE-2023-27372)\n\nIt was discovered that SPIP did not properly sanitize HTTP requests. A\nremote attacker could possibly use this issue to execute arbitrary code.\n(CVE-2024-8517)\n","modified":"2026-04-27T17:32:30.009914355Z","published":"2025-03-04T00:21:21Z","related":["UBUNTU-CVE-2022-23638","UBUNTU-CVE-2022-28959","UBUNTU-CVE-2022-28960","UBUNTU-CVE-2022-28961","UBUNTU-CVE-2022-37155","UBUNTU-CVE-2023-24258","UBUNTU-CVE-2023-27372","UBUNTU-CVE-2024-8517"],"upstream":["CVE-2022-23638","CVE-2022-28959","CVE-2022-28960","CVE-2022-28961","CVE-2022-37155","CVE-2023-24258","CVE-2023-27372","CVE-2024-8517","UBUNTU-CVE-2022-23638","UBUNTU-CVE-2022-28959","UBUNTU-CVE-2022-28960","UBUNTU-CVE-2022-28961","UBUNTU-CVE-2022-37155","UBUNTU-CVE-2023-24258","UBUNTU-CVE-2023-27372","UBUNTU-CVE-2024-8517"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7318-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-23638"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-28959"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-28960"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-28961"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-37155"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-24258"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-27372"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-8517"}],"affected":[{"package":{"name":"spip","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/spip@3.1.4-4~deb9u5ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.4-4~deb9u5ubuntu0.1~esm2"}]}],"versions":["3.1.4-3","3.1.4-4~deb9u3build0.18.04.1","3.1.4-4~deb9u5build0.18.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.1.4-4~deb9u5ubuntu0.1~esm2","binary_name":"spip"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7318-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-28959"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}],"id":"CVE-2022-28960"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-28961"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-37155"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-24258"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-27372"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-8517"}]}}},{"package":{"name":"spip","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/spip@3.2.7-1ubuntu0.1+esm2?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.7-1ubuntu0.1+esm2"}]}],"versions":["3.2.4-1","3.2.5-1","3.2.7-1","3.2.7-1ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.2.7-1ubuntu0.1+esm2","binary_name":"spip"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7318-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-24258"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-27372"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-8517"}]}}}],"schema_version":"1.7.5"}