ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
CVSS v2
Base Score: 4.3
Impact Score: 2.9
Exploitability Score: 8.6
CVSS v3
Base Score: 7.4
Impact Score: 4
Exploitability Score: 2.8
cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:* versions up to 3.1.2 (inclusive)