CVE-2020-28984
Summary
| CVE | CVE-2020-28984 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-11-23 22:15:00 UTC |
| Updated | 2021-02-04 15:05:00 UTC |
| Description | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Spip | Spip | All | All | All | All |
| Application | Spip | Spip | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-4798-1 spip | DEBIAN | www.debian.org | Third Party Advisory |
| n'enregistrer que les preferences licites (g0uZ) · ae4267eba1 - spip - SPIP on GIT | MISC | git.spip.net | Patch, Vendor Advisory |
| [SECURITY] [DLA 2505-1] spip security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| Comparing 8eb11ba132...0cb72efbf5 - spip - SPIP on GIT | MISC | git.spip.net | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 198833 Ubuntu Security Notification for SPIP Vulnerabilities (USN-5482-1)