2 matches found
UBUNTU-CVE-2026-27473
SPIP before 4.4.9 allows Stored Cross-Site Scripting XSS via syndicated sites in the private area. The URLSYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...
PT-2026-20846
Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.9 Description SPIP versions before 4.4.9 contain a Stored Cross-Site Scripting XSS issue related to syndicated sites within the private area. The URL SYNDIC output is not sufficiently sanitized when displaying detail...