CVE-2021-44118: 
Linux Debian vulnerability analysis and mitigation

SPIP 4.0.0 was affected by a Cross Site Scripting (XSS) vulnerability discovered in January 2022. The vulnerability requires a visitor to browse a malicious SVG file, allowing an authenticated attacker to inject malicious code that runs on the client side into web pages visited by other users (stored XSS) (NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required privileges, user interaction, and potential for confidentiality and integrity impacts (NVD).

If successfully exploited, this vulnerability allows authenticated attackers to inject malicious code that executes on the client side when other users visit affected web pages. This can lead to compromised user sessions and potential theft of sensitive information (Ubuntu Security).

The vulnerability has been patched in multiple versions across different platforms. Ubuntu users can update to spip version 3.2.11-3+deb11u3build0.21.10.1 for Ubuntu 21.10, version 3.2.7-1ubuntu0.1 for Ubuntu 20.04 LTS, and version 3.1.4-4~deb9u5build0.18.04.1 for Ubuntu 18.04 (Ubuntu Security, Ubuntu Security).