CVE-2025-71249 in SPIPИнформация

Сводка

по MITRE • 19.02.2026

SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappe_anti_xss() function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker to inject malicious scripts through these elements. This vulnerability is not mitigated by the SPIP security screen.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

VulnCheck

Резервировать

19.02.2026

Раскрытие

19.02.2026

Модерация

принято

Вход

VDB-346927

CPE

готов

CWE

CWE-79 (Подтверждённый)

CVSS

5.4 (CNA)

EPSS

0.00000

KEV

Нет

Деятельности

Очень низкий

Сектор

Agriculture, Lawfirm, ...

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-71249
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-71249
CVE Details	https://www.cvedetails.com/cve/CVE-2025-71249/

◂ Предыдущий Обзор Далее ▸

Do you need the next level of professionalism?

Upgrade your account now!