Description
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published: 2026-02-19
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References

No reference.

History

Thu, 19 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
Description SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the public area for certain edge-case usage patterns. The echapper_html_suspect() function does not adequately detect all forms of malicious content, permitting an attacker to inject scripts that execute in a visitor's browser. This vulnerability is not mitigated by the SPIP security screen. This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title SPIP < 4.4.8 Cross-Site Scripting in Public Area
Weaknesses CWE-79
CPEs cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*
Vendors & Products Spip
Spip spip
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 2.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


Thu, 19 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
Description SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the public area for certain edge-case usage patterns. The echapper_html_suspect() function does not adequately detect all forms of malicious content, permitting an attacker to inject scripts that execute in a visitor's browser. This vulnerability is not mitigated by the SPIP security screen.
Title SPIP < 4.4.8 Cross-Site Scripting in Public Area
First Time appeared Spip
Spip spip
Weaknesses CWE-79
CPEs cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*
Vendors & Products Spip
Spip spip
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 2.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


Subscriptions

No data.

cve-icon MITRE

Status: REJECTED

Assigner: VulnCheck

Published:

Updated: 2026-02-19T15:25:46.903Z

Reserved: 2026-02-19T03:00:22.782Z

Link: CVE-2025-71246

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Rejected

Published: 2026-02-19T16:27:12.790

Modified: 2026-02-19T16:27:12.790

Link: CVE-2025-71246

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.