26 matches found

RedhatCVE
added 2026/02/20 7:40 p.m. | 7 views

CVE-2026-27472

SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00262
Exploits: 0 | References: 1

NVD
added 2026/02/19 7:22 p.m. | 13 views

CVE-2026-27472

SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

CVSS: 5.3 | EPSS: 0.00262
Exploits: 0 | References: 3

NVD
added 2026/02/19 7:22 p.m. | 6 views

CVE-2026-27473

SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...

CVSS: 6.4 | EPSS: 0.0026
Exploits: 0 | References: 3

OSV
added 2026/02/19 7:22 p.m. | 6 views

CVE-2026-27472

SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

CVSS: 4.3 | AI score: 5.8
Exploits: 0 | References: 3

UbuntuCve
added 2026/02/19 7:22 p.m. | 6 views

CVE-2026-27473

SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.0026
Exploits: 0 | References: 4

UbuntuCve
added 2026/02/19 7:22 p.m. | 7 views

CVE-2026-27472

SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00262
Exploits: 0 | References: 4

Cvelist
added 2026/02/19 6:38 p.m. | 21 views

CVE-2026-27473 SPIP < 4.4.9 Stored Cross-Site Scripting via Syndicated Sites

SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...

CVSS: 6.4 | EPSS: 0.0026
Exploits: 0 | References: 3

CVE
added 2026/02/19 6:38 p.m. | 22 views

CVE-2026-27473

SPIP

CVSS: 6.4 | AI score: 5.4 | EPSS: 0.0026
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/02/19 6:38 p.m. | 2 views

CVE-2026-27473 SPIP < 4.4.9 Stored Cross-Site Scripting via Syndicated Sites

SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...

CVSS: 6.4 | AI score: 5.3 | EPSS: 0.0026
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/19 6:38 p.m. | 1 views

CVE-2026-27473

SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...

CVSS: 6.4 | AI score: 5.4 | EPSS: 0.0026
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/02/19 6:38 p.m. | 21 views

CVE-2026-27472 SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites

SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

CVSS: 5.3 | EPSS: 0.00262
Exploits: 0 | References: 3

CVE
added 2026/02/19 6:38 p.m. | 43 views

CVE-2026-27472

SPIP 4.4.9 fixes a Blind Server-Side Request Forgery (SSRF) in syndicated sites. In SPIP versions before 4.4.9, when editing a syndicated site, the app does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to trigger the server to issue requests to arb...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00262
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/02/19 6:38 p.m. | 2 views

CVE-2026-27472 SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites

SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00262
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/19 6:38 p.m. | 4 views

CVE-2026-27472

SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitra...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00262
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2026/02/19 4:27 p.m. | 6 views

CVE-2025-71248

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits: 0

NVD
added 2026/02/19 4:27 p.m. | 7 views

CVE-2025-71247

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits: 0

CVE
added 2026/02/19 2:58 p.m. | 7 views

CVE-2025-71248

SPIP prior to 4.4.9 is affected by a Stored XSS in the private syndicated site page: the #URL_SYNDIC output is not sanitized, allowing a malicious syndicated URL to inject scripts that execute when administrators view syndicated site details. Exploitation involves a user who can set a malicious s...

AI score: 5.4
Exploits: 0

Cvelist
added 2026/02/19 2:58 p.m. | 20 views

CVE-2025-71248

...

Exploits: 0

CVE
added 2026/02/19 2:58 p.m. | 11 views

CVE-2025-71247

SPIP 4.4.9 fixes an authenticated SSRF in the syndicated sites feature. CVE-2025-71247 affects SPIP

AI score: 5.9
Exploits: 0

Cvelist
added 2026/02/19 2:58 p.m. | 21 views

CVE-2025-71247

...

Exploits: 0