PT-2026-20847 · Spip · Spip

Dorian Piette

Publicado

2026-02-19

Atualizado

2026-02-23

CVE-2025-71249

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.9

Description SPIP versions before 4.4.9 contain a Cross-Site Scripting (XSS) issue in the private area. The echappe anti xss() function was not consistently applied to input, form, button, and anchor () HTML tags, enabling an attacker to inject malicious scripts through these elements. The SPIP security screen does not address this issue.

Recommendations Update to SPIP version 4.4.9 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2025-71249

Spip