3 matches found
📄 SPIP Blind Server-Side Request Forgery
SPIP versions prior to 4.4.9 suffers from a blind server-side request forgery vulnerability within the private administration interface. ============================================================================================================================================= | Title : SPIP 4.4...
CVE-2026-27473
SPIP before 4.4.9 allows Stored Cross-Site Scripting XSS via syndicated sites in the private area. The URLSYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...
UBUNTU-CVE-2026-27473
SPIP before 4.4.9 allows Stored Cross-Site Scripting XSS via syndicated sites in the private area. The URLSYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...