2 matches found
CVE-2026-26223 SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area
SPIP before 4.4.8 allows cross-site scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...
SPIP Security Vulnerabilities
SPIP is a freeware program from SPIP for creating Internet sites. A security vulnerability exists in SPIP versions prior to 4.1.14, 4.2.x through 4.2.8. An attacker could exploit the vulnerability to perform a cross-site scripting attack via the name of an uploaded file...