CVE-2025-71249

CVSS

No CVSS.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

References

No reference.

Configurations

No configuration.

History

19 Feb 2026, 19:22

Type | Values Removed | Values Added
CVSS | v2 : unknown; v3 : 5.4 | v2 : unknown; v3 : unknown
CWE | CWE-79 |
Summary | (en) SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappe_anti_xss() function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker to inject malicious scripts through these elements. This vulnerability is not mitigated by the SPIP security screen. | (en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
References | https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-9.html ; https://git.spip.net/spip/spip ; https://www.vulncheck.com/advisories/spip-cross-site-scripting-in-private-area-incomplete-fix |

19 Feb 2026, 16:27

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2026-02-19 16:27

Updated : 2026-02-19 19:22


NVD link : CVE-2025-71249

Mitre link : CVE-2025-71249

CVE.ORG link : CVE-2025-71249



Products Affected

No product.

CWE

No CWE.