{"id":"CVE-2021-44120","details":"SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The \"Who are you\" and \"Website Name\" fields are vulnerable.","modified":"2026-03-14T11:16:40.315393Z","published":"2022-01-26T12:15:07.847Z","references":[{"type":"FIX","url":"https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.0.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44120.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}