Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-27473

SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other administrators view the syndicated site details.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.4%
CVSS Severity
CVSS v3 Score 6.4
Products affected by CVE-2026-27473
  • Spip » Spip » Version: 4.4.0
    cpe:2.3:a:spip:spip:4.4.0
  • Spip » Spip » Version: 4.4.1
    cpe:2.3:a:spip:spip:4.4.1
  • Spip » Spip » Version: 4.4.2
    cpe:2.3:a:spip:spip:4.4.2
  • Spip » Spip » Version: 4.4.3
    cpe:2.3:a:spip:spip:4.4.3
  • Spip » Spip » Version: 4.4.4
    cpe:2.3:a:spip:spip:4.4.4
  • Spip » Spip » Version: 4.4.5
    cpe:2.3:a:spip:spip:4.4.5
  • Spip » Spip » Version: 4.4.6
    cpe:2.3:a:spip:spip:4.4.6
  • Spip » Spip » Version: 4.4.7
    cpe:2.3:a:spip:spip:4.4.7
  • Spip » Spip » Version: 4.4.8
    cpe:2.3:a:spip:spip:4.4.8


Products
Pricing
Contact Us

Shodan ® - All rights reserved