Cross-Site Scripting Vulnerability in SPIP Web Platform
CVE-2025-71240
4.8MEDIUM
What is CVE-2025-71240?
SPIP versions prior to 4.2.15 are vulnerable to Cross-Site Scripting (XSS) attacks due to improper handling of JavaScript within HTML code tags. Attackers can exploit this flaw by injecting malicious scripts that execute in the context of a user's browser, potentially leading to unauthorized actions or data theft. Users are advised to update to version 4.2.15 or later to mitigate this security risk.
Affected Version(s)
SPIP 4.2.0 < 4.2.15