CVE-2025-71246 | SPIP up to 4.4.7 echapper_html_suspect cross site scripting

Inserito da Angelo Barbosa | Feb 19, 2026 | CVE

A vulnerability was found in SPIP up to 4.4.7 and classified as problematic. The affected element is the function echapper_html_suspect. Executing a manipulation can lead to cross site scripting.

The identification of this vulnerability is CVE-2025-71246. The attack may be launched remotely. There is no exploit available.

It is suggested to upgrade the affected component.

CVE-2025-71246 | SPIP up to 4.4.7 echapper_html_suspect cross site scripting

Post correlati

CVE-2025-49796 | libxml type confusion

CVE-2023-51717 | Dataiku DSS up to 11.4.4/12.4.0 improper authentication (dsa-2023-010)

CVE-2024-56298 | 5 Star Plugins Pretty Simple Popup Builder Plugin up to 1.0.9 on WordPress cross site scripting

CVE-2024-1329 | HashiCorp Nomad/Nomad Enterprise up to 1.5.13/1.6.6/1.7.3 Template Renderer symlink