CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-27746

The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the pre_propre pipeline. The plugin incorporates untrusted request parameters into HTML output without proper output encoding, allowing attackers to inject arbitrary script content into pages that render a jeux block. When a victim is induced to visit a crafted URL, the injected content is reflected into the response and executed in the victim's browser context.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.2%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2026-27746

Spip » Jeux » Version: 2.5.2

cpe:2.3:a:spip:jeux:2.5.2
Spip » Jeux » Version: 3.4.6

cpe:2.3:a:spip:jeux:3.4.6
Spip » Jeux » Version: 3.5.0

cpe:2.3:a:spip:jeux:3.5.0
Spip » Jeux » Version: 3.5.1

cpe:2.3:a:spip:jeux:3.5.1
Spip » Jeux » Version: 3.5.2

cpe:2.3:a:spip:jeux:3.5.2
Spip » Jeux » Version: 3.5.4

cpe:2.3:a:spip:jeux:3.5.4
Spip » Jeux » Version: 3.5.5

cpe:2.3:a:spip:jeux:3.5.5
Spip » Jeux » Version: 3.5.6

cpe:2.3:a:spip:jeux:3.5.6
Spip » Jeux » Version: 4.0.0

cpe:2.3:a:spip:jeux:4.0.0
Spip » Jeux » Version: 4.1.0

cpe:2.3:a:spip:jeux:4.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-27746

Products

Pricing

Contact Us