CVE-2013-7303

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.

Affected packages (1)

• Debian/spipfrom 0, < 3.0.13-1

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-7303