Vulnerability details: VCID-j37t-tg2b-93ey
Vulnerability ID VCID-j37t-tg2b-93ey
Aliases CVE-2021-44122
Summary Cross-Site Request Forgery (CSRF): SPIP is affected by a Cross-Site Request Forgery (CSRF) vulnerability in `ecrire/public/aiguiller.php`, `ecrire/public/balises.php`, `ecrire/balise/formulaire_.php`. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF).
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.44678
EPSS Score 0.0022
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:56:45.343602+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/spip/spip/CVE-2021-44122.yml 38.6.0