SPIP spip_login.php3 url Variable Arbitrary Site Redirect
Remote / Network Access
Loss of Integrity
SPIP contains a flaw that allows a remote cross site scripting like attack. This vulnerability could allow a user to create a specially crafted URL that would be redirected to after a succesful login on a trusted website.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Inform your users to double check the URL after a succesful login.
Upgrade to spip 1.9.2