Security Advisory

CVE-2026-26223

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-19 15:26:05

Last updated 2026-03-05 01:31:00

Assigner VulnCheck

State PUBLISHED

Description

SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in the private area. This vulnerability is not mitigated by the SPIP security screen.

← Browse all CVEs View on cve.org ↗