ByteOS Network

NVD Vulnerability Details :

CVE-2026-27473

Received

Source-disclosure@vulncheck.com

Published At-19 Feb, 2026 | 19:22

Updated At-19 Feb, 2026 | 19:22

SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other administrators view the syndicated site details.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.1	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	6.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Type: Secondary

Version: 4.0

Base score: 5.1

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 6.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

References

Hyperlink	Source	Resource
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-9.html	disclosure@vulncheck.com	N/A
https://git.spip.net/spip/spip	disclosure@vulncheck.com	N/A
https://www.vulncheck.com/advisories/spip-stored-cross-site-scripting-via-syndicated-sites	disclosure@vulncheck.com	N/A

Hyperlink: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-9.html

Source: disclosure@vulncheck.com

Resource: N/A

Hyperlink: https://git.spip.net/spip/spip

Source: disclosure@vulncheck.com

Resource: N/A

Hyperlink: https://www.vulncheck.com/advisories/spip-stored-cross-site-scripting-via-syndicated-sites

Source: disclosure@vulncheck.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History