CNNVD-202512-2798 Information
Dec 16, 2025
CNNVD ID
CNNVD-202512-2798
Related CVE
- CNNVD Published: 2025-12-16
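Description (translated from Chinese)
SPIP is free software from the SPIP open-source project for creating Internet sites. SPIP version 4.1.10 has a cross-site scripting vulnerability that stems from improper filtering of file uploads, which may allow an attacker to upload a malicious SVG file.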
Description (English)
SPIP is free software for creating Internet sites. SPIP 4.1.10 has a cross-site scripting vulnerability that stems from improper file upload filtering, which may allow attackers to upload malicious SVG files.
Hazard Level
Medium
Vulnerability Type
Cross-site scripting
Affected Vendor
SPIP
Published
2025-12-16
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/51557
https://www.spip.net/en_rubrique25.html
https://www.vulncheck.com/advisories/spip-admin-account-spoofing-via-malicious-svg-upload
Patch
https://www.spip.net/en_download