CVE-2026-27473 SPIP < 4.4.9 Stored Cross-Site Scripting via Syndicated Sites

SPIP before 4.4.9 allows Stored Cross-Site Scripting XSS via syndicated sites in the private area. The URLSYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...

CVE-2025-71248

...