PT-2026-20844 · Spip · Spip

Arthur Deloffre +2 · Published 2026-02-19 · Updated 2026-02-19 · CVE-2025-71246

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SPIP versions prior to 4.4.8

Description

SPIP before version 4.4.8 contains a Cross-Site Scripting (XSS) issue in the public area due to inadequate detection of malicious content by the echapper_html_suspect() function. This allows an attacker to inject scripts that execute in a visitor's browser. The SPIP security screen does not mitigate this issue.

Recommendations

Update to SPIP version 4.4.8 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-71246

Affected Products

Spip