CVE-2025-71249 in SPIP

Information

Summary

by MITRE • 2026-02-19

SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappe_anti_xss() function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker to inject malicious scripts through these elements. This vulnerability is not mitigated by the SPIP security screen.

Responsible

VulnCheck

Reserved

2026-02-19

Disclosure

2026-02-19

Moderation

accepted

Entry

VDB-346927

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources
