13 matches found
CVE-2025-71240
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...
CVE-2025-71240
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...
CVE-2025-71240
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...
UBUNTU-CVE-2025-71240
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...
CVE-2025-71240 SPIP < 4.2.15 Cross-Site Scripting via Code Tags
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...
CVE-2025-71240
CVE-2025-71240 affects SPIP prior to 4.2.15, where crafted content in HTML code tags can bypass verification and trigger Cross-Site Scripting (XSS) in the user’s browser. The issue arises because the application does not properly verify JavaScript within code tags, enabling an attacker to inject ...
CVE-2025-71240 SPIP < 4.2.15 Cross-Site Scripting via Code Tags
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...
Linux Distros Unpatched Vulnerability : CVE-2025-71240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags,...
CVE-2024-58313 xbtitFM 4.1.18 Insecure File Upload in file_hosting Feature
xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...
PT-2026-20838
Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.2.15. Description: The application does not properly validate JavaScript within HTML code tags, which allows for the injection of malicious scripts that execute in a victim’s browser. This can lead to Cross-Site Scriptin...
Design/Logic Flaw
SVG use tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects...
CVE-2002-0533
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within code tags...
CVE-2002-0534
CVE-2002-0534 affects PostBoard 2.0.1 and earlier, where BBCode handling in [code] tags allows remote attackers to trigger a denial of service (CPU consumption) and corrupt the database. The underlying cause is improper processing of null characters (\0) in code blocks. Impact is limited to DoS an...