{"id":"UBUNTU-CVE-2017-15736","details":"Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.","modified":"2026-04-07T10:32:18.301092Z","published":"2017-10-22T18:29:00Z","related":["USN-4536-1"],"upstream":["CVE-2017-15736"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15736"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4536-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2017-15736"}],"affected":[{"package":{"name":"spip","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/spip@3.0.21-1ubuntu1+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.0.20-1","3.0.21-1","3.0.21-1ubuntu1","3.0.21-1ubuntu1+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"spip","binary_version":"3.0.21-1ubuntu1+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-15736.json"}},{"package":{"name":"spip","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/spip@3.1.4-4~deb9u3build0.18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.4-4~deb9u3build0.18.04.1"}]}],"versions":["3.1.4-3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"spip","binary_version":"3.1.4-4~deb9u3build0.18.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-15736.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}