Posted by Sysdream Labs on Oct 19

## SPIP 3.1.2 Reflected Cross-Site Scripting (CVE-2016-7981)

### Product Description

SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments
and ease of use. It is free software, distributed under the GNU/GPL licence.

### Vulnerability Description

The `var_url` parameter of the `valider_xml` file is not correctly sanitized and can be used to trigger a reflected XSS…