SPIP
cpe:2.3:a:spip:spip:*:*:*:*:*:*:*
- <= 4.3.0
- <= 4.4.0
An open redirect vulnerability has been identified in SPIP versions prior to 4.4.5 and 4.3.9. The issue arises in the login form when it is used in AJAX mode: an attacker can craft a malicious URL that redirects users to an arbitrary external site after they log in. The vulnerability is present on sites that have modified the login page to operate in AJAX mode and is not addressed by SPIP's security measures.
Exploitation of this vulnerability could lead to unauthorized redirection of users to external sites, which can be used for phishing or other malicious purposes.
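The defensive check that closes this class of bug is to validate the post-login redirect target against the site's own host before using it. The following is an added example, not SPIP's code or its fix; the function name `safe_login_redirect`, the host `www.example.org` and the sample targets are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not a SPIP function. $siteHost is the site's own
// host name, taken from configuration rather than from the request.
function safe_login_redirect(string $target, string $siteHost, string $fallback = '/'): string
{
    // Browsers normalise backslashes and control characters in ways
    // parse_url() does not model ("/\host" is treated like "//host").
    if ($target === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
        return $fallback;
    }

    $parts = parse_url($target);
    if ($parts === false || isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }

    // Relative target: must be a single-slash absolute path, never
    // protocol-relative ("//host") and never carrying a scheme.
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $singleSlash = $target[0] === '/' && substr($target, 0, 2) !== '//';
        return $singleSlash ? $target : $fallback;
    }

    // Absolute target: http(s) only, and the host must be the site itself.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (in_array($scheme, ['http', 'https'], true) && $host === strtolower($siteHost)) {
        return $target;
    }
    return $fallback;
}

// Constructed sample inputs: the first two are kept, the rest fall back to "/".
$samples = [
    '/spip.php?page=sommaire',
    'https://www.example.org/spip.php?page=sommaire',
    'https://other.example/login',
    '//other.example/',
    '/\\other.example/',
    'https://www.example.org@other.example/',
];
foreach ($samples as $s) {
    printf("%-48s => %s\n", $s, safe_login_redirect($s, 'www.example.org'));
}
```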