CVE-2025-71241 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The content of the error message displayed by the 'transmettre' API…
Medium CVSS: 4.8

CVE-2025-71241

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen.
Vendor
Spip
Product
Spip
CWE
CWE-79
Yayın Tarihi
2026-02-19 16:27:11
Güncelleme
2026-03-02 15:16:31
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-79 Spip MEDIUM Spip 2026

Referanslar

https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-3-6-SPIP-4-2-17-SPIP-4-1-20.html https://git.spip.net/spip/spip https://www.vulncheck.com/advisories/spip-cross-site-scripting-in-private-area