CVE-2021-44118
https://notcve.org/view.php?id=CVE-2021-44118
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS). SPIP versión 4.0.0 está afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS). Para explotar la vulnerabilidad, un visitante debe navegar a un archivo SVG malicioso. • https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •