CVE-2025-71241 SPIP < 4.3.6 Cross-Site Scripting in Private Area

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting XSS in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen...

SPIP 跨站脚本漏洞

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions prior to SPIP 4.3.6, 4.2.17, and 4.1.20 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleanup of error message content from the transmettre API, which could lead t...

PT-2026-20839

Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.3.6 SPIP versions prior to 4.2.17 SPIP versions prior to 4.1.20 Description SPIP versions prior to 4.3.6, 4.2.17, and 4.1.20 contain a Cross-Site Scripting XSS issue within the private area. The error message displayed...