PT-2026-20839 · Spip · Spip
Glop
Published: 2025-01-01
Updated: 2026-02-23
CVE-2025-71241
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SPIP versions prior to 4.3.6
SPIP versions prior to 4.2.17
SPIP versions prior to 4.1.20
Description
SPIP versions prior to 4.3.6, 4.2.17, and 4.1.20 contain a Cross-Site Scripting (XSS) issue within the private area. The error message displayed by the transmettre API endpoint does not properly sanitize its content, which allows an attacker to inject malicious scripts. SPIP’s security screen offers some mitigation.
Recommendations
Update to SPIP version 4.3.6 or later.
Update to SPIP version 4.2.17 or later.
Update to SPIP version 4.1.20 or later.
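As an added defender-side check that is not part of this advisory: a small Python helper that classifies an installed SPIP version against the three fixed versions above on a per-branch basis, so that 4.2.18 counts as fixed while 4.3.2 counts as vulnerable, and triages an inventory of hosts. The hostnames and versions in the sample inventory are constructed for illustration; branches the advisory does not mention are reported as "unknown" rather than assumed fixed.

```python
import re

# Fixed versions per SPIP branch, exactly as listed in this advisory.
# Any branch not present here (e.g. 4.4.x or 3.2.x) is reported as "unknown"
# rather than assumed fixed, because the advisory says nothing about it.
FIXED_VERSIONS = {
    (4, 3): (4, 3, 6),
    (4, 2): (4, 2, 17),
    (4, 1): (4, 1, 20),
}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(version: str) -> tuple:
    """Extract (major, minor, patch) from strings such as '4.3.5' or '4.2.16-dev'.

    A missing patch component is treated as 0; suffixes after the numbers are ignored.
    """
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised SPIP version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(version: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for one installed SPIP version."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return "unknown"  # branch not covered by the advisory
    return "fixed" if v >= fixed else "vulnerable"


def triage(inventory: dict) -> dict:
    """Group an inventory {hostname: version} into {status: sorted hostnames}."""
    result = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in inventory.items():
        result[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "cms-a.example.test": "4.3.5",
    "cms-b.example.test": "4.3.6",
    "cms-c.example.test": "4.2.17",
    "cms-d.example.test": "4.1.19",
    "cms-e.example.test": "4.4.0",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:>10}: {', '.join(hosts) or '-'}")
```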
Fix
XSS
Affected Products
Spip