CVE-2025-71249 in SPIPजानकारी

सारांश

द्वारा MITRE • 19/02/2026

SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappe_anti_xss() function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker to inject malicious scripts through these elements. This vulnerability is not mitigated by the SPIP security screen.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

जिम्मेदार

VulnCheck

आरक्षित करना

19/02/2026

प्रकटीकरण

19/02/2026

संयम

स्वीकृत

प्रविष्टि

VDB-346927

CPE

तैयार

CWE

CWE-79 (पुष्टि की गई)

CVSS

5.4 (CNA)

EPSS

0.00000

KEV

नहीं

गतिविधियाँ

बहुत कम

क्षेत्र

Lawfirm, Agriculture, ...

स्रोत

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-71249
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-71249
CVE Details	https://www.cvedetails.com/cve/CVE-2025-71249/

◂ पिछला सिंहावलोकन अगला ▸

Interested in the pricing of exploits?

See the underground prices here!