3 matches found
CVE-2026-27475 SPIP < 4.4.9 Insecure Deserialization
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...
CVE-2026-26345
SPIP CVE-2026-26345 is a stored XSS in SPIP
PT-2026-20854
Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.8 Description SPIP before version 4.4.8 contains a Cross-Site Scripting XSS issue in the public area due to insufficient detection of malicious content by the echapper html suspect function. This allows an attacker t...