SPIP Stored Cross-Site Scripting Vulnerability in Syndicated Sites

Vulnerability

A stored cross-site scripting vulnerability has been identified in SPIP versions prior to 4.4.9. This issue arises in the private area through syndicated sites, where the #URL_SYNDIC output is inadequately sanitized. An attacker can exploit this by injecting malicious scripts into the syndication URL, which then execute when other administrators view the syndicated site details.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page.

Remediation

Users can update to SPIP version 4.4.9, which addresses this vulnerability. The update can be performed using the SPIP loader or by downloading the latest version from the SPIP website.
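Updating changes how the syndication URL is output, but URLs stored before the update remain in the database and are worth reviewing. The following is an added example, not SPIP code and not part of the advisory: it assumes the stored syndication URLs have been exported as (id, url) pairs, and the function names, reason labels and sample rows are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Characters that have no place in a feed URL and can break out of HTML markup
HTML_BREAKERS = set("<>\"'`")

def audit_syndic_url(url):
    """Return reasons a stored syndication URL needs review (empty list = clean)."""
    reasons = []
    if url != url.strip() or any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        reasons.append("whitespace-or-control-chars")
    if HTML_BREAKERS & set(url):
        reasons.append("html-metacharacters")
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return reasons + ["unparseable"]
    if parts.scheme not in ALLOWED_SCHEMES:   # urlsplit lowercases the scheme
        reasons.append("scheme-not-http(s)")
    elif not parts.hostname:
        reasons.append("missing-host")
    return reasons

def render_syndic_link(url):
    """Output for an admin page: always HTML-escaped, a link only if the URL is clean."""
    safe = html.escape(url, quote=True)
    if audit_syndic_url(url):
        return f"<code>{safe}</code>"
    return f'<a href="{safe}" rel="noopener noreferrer">{safe}</a>'

# Constructed sample rows (id, stored syndication URL); not taken from a real site
SAMPLE_ROWS = [
    (1, "https://example.org/backend.xml"),
    (2, "javascript:void(0)"),
    (3, 'https://example.org/feed"><b>x</b>'),
    (4, "HTTP://Example.org/rss"),
]

def review(rows):
    """Map row id -> reasons, for rows that need a human look."""
    return {rid: r for rid, url in rows if (r := audit_syndic_url(url))}

if __name__ == "__main__":
    for rid, reasons in review(SAMPLE_ROWS).items():
        print(rid, ", ".join(reasons))
```

A flagged row is a lead for manual review, not proof of compromise; who created or last edited the syndicated site is the next thing to check.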

Added: Feb 19, 2026, 7:36 PM
Updated: Feb 19, 2026, 7:36 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 5.4
exploitability: 5.8
remediation: 7.7
relevance: 3.2
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.