PT-2026-20843 · Spip · Spip

Arthur Deloffre +2 · Published 2026-02-19 · Updated 2026-02-19 · CVE-2025-71245

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SPIP versions prior to 4.4.8

Description

SPIP before version 4.4.8 contains a Cross-Site Scripting (XSS) issue in the private area due to improper handling of iframe tags. The application does not adequately sandbox or escape iframe content within the back-office, which allows an attacker to inject and execute malicious scripts. The vulnerability is not addressed by the SPIP security screen.

Recommendations

Update to SPIP version 4.4.8 or later.
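
Because the security screen does not cover this issue, sites that cannot upgrade immediately may want to review iframes already present in stored content. The following is an added example, not SPIP code and not the 4.4.8 fix: a generic audit that flags `<iframe>` tags lacking effective sandboxing. The function names, the reasons reported and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAFE_SCHEMES = {"", "http", "https"}  # "" means a relative URL

class IframeAudit(HTMLParser):
    """Collect (line, reasons) for each <iframe> that needs review."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        # Browsers keep the first of duplicated attributes, so let it win here.
        a = {name: (value or "") for name, value in reversed(attrs)}
        reasons = []
        tokens = set(a.get("sandbox", "").lower().split())
        unsafe_pair = {"allow-scripts", "allow-same-origin"} <= tokens
        if "sandbox" not in a:
            reasons.append("no sandbox attribute")
        elif unsafe_pair:
            reasons.append("sandbox allows scripts and same-origin together")
        isolated = "sandbox" in a and not unsafe_pair
        if "srcdoc" in a and not isolated:
            reasons.append("srcdoc markup is not isolated from the embedding page")
        try:
            scheme = urlsplit(a.get("src", "").strip()).scheme.lower()
        except ValueError:
            scheme = ""
            reasons.append("src is not a parseable URL")
        if scheme not in SAFE_SCHEMES:
            reasons.append(f"src uses {scheme}: scheme")
        if reasons:
            self.findings.append((self.getpos()[0], reasons))

def audit_iframes(html):
    """Return a list of (line_number, [reasons]) for the given markup."""
    parser = IframeAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample content, not taken from a real site.
SAMPLE = """<p>Intro</p>
<iframe src="https://video.example/embed/1" sandbox="allow-scripts"></iframe>
<iframe src="https://widgets.example/w"></iframe>
<iframe sandbox="allow-scripts allow-same-origin" srcdoc="&lt;p&gt;hi&lt;/p&gt;"></iframe>
<IFRAME SRC="JavaScript:void(0)" sandbox></IFRAME>
"""
```

A finding marks an iframe for manual review; it does not by itself indicate injected content.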

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-71245

Affected Products

Spip