SPIP Jeux Plugin Reflected Cross-Site Scripting Vulnerability
Vulnerability
A reflected cross-site scripting vulnerability has been identified in the SPIP jeux plugin, affecting versions prior to 4.1.1. The issue arises in the pre_propre pipeline, where untrusted request parameters are incorporated into HTML output without adequate encoding. This flaw allows attackers to inject arbitrary scripts into pages that display a jeux block. When a victim visits a crafted URL, the injected script is executed in their browser context.
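The pattern described above (a request parameter written into HTML without encoding) shown beside its encoded form, as an added example that is not the jeux plugin's code and not part of the original advisory. The function names, the `reponse` parameter and the `<jeux>…</jeux>` block delimiter are assumptions made for illustration; the sample input is constructed, and the script needs PHP 8.

```php
<?php
// Added illustration, not the jeux plugin's code. The function names, the
// "reponse" parameter and the <jeux> delimiter are hypothetical.

// Vulnerable pattern: a request value is concatenated into an attribute.
function render_block_unsafe(array $params): string
{
    $value = $params['reponse'] ?? '';
    return '<input type="text" name="reponse" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML context at the point of output.
function render_block_safe(array $params): string
{
    $value = $params['reponse'] ?? '';
    if (!is_string($value)) { // e.g. ?reponse[]=x arrives as an array
        $value = '';
    }
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="reponse" value="' . $encoded . '">';
}

// Text filter in the style of a pre-processing pipeline: each
// <jeux>...</jeux> block in the page text is replaced by the rendered form.
function filter_text(string $texte, array $params, callable $render): string
{
    return preg_replace_callback(
        '#<jeux>.*?</jeux>#s',
        fn(array $m): string => $render($params),
        $texte
    ) ?? $texte;
}

// Constructed sample input: a harmless marker containing the characters
// (double quote, angle brackets) that must not reach an attribute value raw.
$params = ['reponse' => '"><i>marker</i>'];
$texte  = "Intro\n<jeux>question</jeux>\n";

$unsafe = filter_text($texte, $params, 'render_block_unsafe');
$safe   = filter_text($texte, $params, 'render_block_safe');

// Check whether the marker survives as live markup in each rendering.
var_dump(str_contains($unsafe, '<i>marker</i>'));
var_dump(str_contains($safe, '<i>marker</i>'));
echo $safe;
```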
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where injected scripts are executed in the context of the user's browser.
Remediation
Users can update to SPIP jeux version 4.1.1 or later to address this vulnerability.