Security Advisory

CVE-2025-71241

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-19 14:58:13

Last updated 2026-03-05 01:29:57

Assigner VulnCheck

State PUBLISHED

Description

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The content of the error message displayed by the transmettre API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen.

← Browse all CVEs View on cve.org ↗