" . $err . "
" . "
" . $texte . '
'; $bandeau = "$url";

The Cross-Site Scripting vulnerability is triggered on line 146:

echo "
", $titre, '
', $bandeau, '
',

### Timeline (dd/mm/yyyy)

* 15/09/2016 : Initial discovery
* 26/09/2016 : Contact with SPIP Team
* 27/09/2016 : Answer from SPIP Team, sent advisory details
* 27/09/2016 : Incorrect fix from SPIP Team.
* 27/09/2016 : New proof of concept for bypassing fixes for XSS sent.
* 27/09/2016 : Fixes issued for XSS (23185).
* 30/09/2016 : SPIP 3.1.3 Released

### Fixes

* http://ift.tt/2dt1cMd
* http://ift.tt/2d44Eun
* http://ift.tt/2dt0zm9

### Affected versions

* Version <= 3.1.2

### Credits

* Nicolas CHATELAIN, Sysdream (n.chatelain -at- sysdream -dot- com)