Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-71240

Опубликовано: 19 фев. 2026
Источник: ubuntu
Приоритет: medium
CVSS3: 5.4

Описание

SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser.

РелизСтатусПримечание
devel

not-affected

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-apps/xenial

needs-triage

jammy

needs-triage

noble

needs-triage

questing

not-affected

4.4.3+dfsg-1
upstream

released

4.3.0+dfsg-1

Показывать по

Ссылки на источники

5.4 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-71240

CVSS3: 5.4
nvd
около 2 месяцев назад

SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser.

debian логотип

CVE-2025-71240

CVSS3: 5.4
debian
около 2 месяцев назад

SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted conte ...

github логотип

GHSA-3cj5-wr93-33x7

CVSS3: 5.4
github
около 2 месяцев назад

SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser.

5.4 Medium

CVSS3