Security Advisory

CVE-2025-71240

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-19 14:58:12

Last updated 2026-03-05 01:29:56

Assigner VulnCheck

State PUBLISHED

Description

SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victims browser.

← Browse all CVEs View on cve.org ↗