Security Advisory

CVE-2026-27473

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-19 18:38:26
Last updated 2026-03-05 01:31:17
Assigner VulnCheck
State PUBLISHED

Description

SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other administrators view the syndicated site details.
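
One general way to treat a stored syndication URL before it is written into an HTML page, added here as an illustration; it is not SPIP's code and not the 4.4.9 fix. The function names and sample values are hypothetical, and the approach assumed is an http(s) scheme allowlist followed by HTML escaping at the point of output.

```php
<?php
// Added example, not SPIP code. Function names and sample values are hypothetical.

/** Return the URL if it is an absolute http(s) URL, otherwise null. */
function safe_syndication_url(string $raw): ?string
{
    $url = trim($raw);
    // Reject control characters and whitespace, which browsers may ignore
    // when they work out the scheme of a link.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Allowlist: anything other than http/https (javascript:, data:, ...) is refused.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

/** Build the HTML for a stored URL; every path escapes the value it prints. */
function render_syndication_link(string $stored): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $url = safe_syndication_url($stored);
    if ($url === null) {
        // Show the rejected value as inert text so an administrator can still review it.
        return '<span class="invalid-url">' . htmlspecialchars($stored, $flags, 'UTF-8') . '</span>';
    }
    // A URL that passes the scheme check can still carry quotes or angle brackets.
    $esc = htmlspecialchars($url, $flags, 'UTF-8');
    return '<a href="' . $esc . '" rel="noopener noreferrer">' . $esc . '</a>';
}

// Constructed sample values: a normal feed, a script-scheme URL, and an
// http(s) URL that tries to break out of the href attribute.
$samples = [
    'https://example.org/feed.xml',
    'javascript:alert(1)',
    'https://example.org/feed.xml"><script>alert(1)</script>',
];
foreach ($samples as $s) {
    echo render_syndication_link($s), PHP_EOL;
}
```

The third sample passes the scheme check, so only the output escaping keeps it inside the attribute; both controls are needed.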