This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
References
No reference.
History
Thu, 19 Feb 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in the private area. This vulnerability is not mitigated by the SPIP security screen. | This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| Title | SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area | |
| Weaknesses | CWE-79 | |
| CPEs | ||
| Vendors & Products |
Spip
Spip spip |
|
| References |
|
|
| Metrics |
cvssV3_1
|
Thu, 19 Feb 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in the private area. This vulnerability is not mitigated by the SPIP security screen. | |
| Title | SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area | |
| First Time appeared |
Spip
Spip spip |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Spip
Spip spip |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: REJECTED
Assigner: VulnCheck
Published: 2026-02-19T14:58:16.963Z
Updated: 2026-02-19T15:26:13.697Z
Reserved: 2026-02-19T03:00:22.782Z
Link: CVE-2025-71245
Vulnrichment
No data.
NVD
Status : Rejected
Published: 2026-02-19T16:27:12.710
Modified: 2026-02-19T16:27:12.710
Link: CVE-2025-71245
Redhat
No data.