6 matches found
CVE-2026-27473
SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The URLSYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...
CVE-2025-71248
...
PT-2026-20840
Name of the Vulnerable Software and Affected Versions: SPIP versions prior to 4.3.6; SPIP versions prior to 4.2.17; SPIP versions prior to 4.1.20. Description: The application does not properly verify authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments,...
Exploit for CVE-2024-7954
RCE CVE-2024-7954 Description: The porteplume plugin used by...
SPIP Security Vulnerability
SPIP is a Web-based content publishing system. The system is primarily used for online collaboration. A security vulnerability exists in SPIP versions prior to 3.2.14 and 4.x through 4.0.5 that could allow an attacker to remotely execute arbitrary code...
DEBIAN-CVE-2019-16393
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character...