CVE-2019-16392: Cross-site Scripting

September 17, 2019 (updated September 25, 2019)

SPIP allows prive/formulaires/login.php XSS via error messages.

References

blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html
git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028
nvd.nist.gov/vuln/detail/CVE-2019-16392

Detect and mitigate CVE-2019-16392 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →