Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
No reference.
Thu, 19 Feb 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the public area for certain edge-case usage patterns. The echapper_html_suspect() function does not adequately detect all forms of malicious content, permitting an attacker to inject scripts that execute in a visitor's browser. This vulnerability is not mitigated by the SPIP security screen. | This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| Title | SPIP < 4.4.8 Cross-Site Scripting in Public Area | |
| Weaknesses | CWE-79 | |
| CPEs | ||
| Vendors & Products |
Spip
Spip spip |
|
| References |
|
|
| Metrics |
cvssV3_1
|
Thu, 19 Feb 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the public area for certain edge-case usage patterns. The echapper_html_suspect() function does not adequately detect all forms of malicious content, permitting an attacker to inject scripts that execute in a visitor's browser. This vulnerability is not mitigated by the SPIP security screen. | |
| Title | SPIP < 4.4.8 Cross-Site Scripting in Public Area | |
| First Time appeared |
Spip
Spip spip |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Spip
Spip spip |
|
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: REJECTED
Assigner: VulnCheck
Published:
Updated: 2026-02-19T15:25:46.903Z
Reserved: 2026-02-19T03:00:22.782Z
Link: CVE-2025-71246
No data.
Status : Rejected
Published: 2026-02-19T16:27:12.790
Modified: 2026-02-19T16:27:12.790
Link: CVE-2025-71246
No data.
OpenCVE Enrichment
No data.
No weakness.