PT-2026-20846 · Spip · Spip

Dorian Piette · Published 2026-02-19 · Updated 2026-02-23 · CVE-2025-71248

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SPIP versions prior to 4.4.9

Description

SPIP versions before 4.4.9 contain a Stored Cross-Site Scripting (XSS) issue related to syndicated sites within the private area. The #URL_SYNDIC output is not sufficiently sanitized when displaying details of syndicated sites in the private area. This allows an attacker who can control a syndication URL to inject malicious scripts that will execute when other administrators view the details of the syndicated site.

Recommendations

Update to SPIP version 4.4.9 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-71248

Affected Products

Spip