CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Spip: >> Jeux >> 3.5.1 Security Vulnerabilities

CVE-2026-27746

The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the pre_propre pipeline. The plugin incorporates untrusted request parameters into HTML output without proper output encoding, allowing attackers to inject arbitrary script content into pages that render a jeux block. When a victim is induced to visit a crafted URL, the injected content is reflected into the response and executed in the victim's browser context.

CVSS Score

6.1

EPSS Score

0.0

Published

2026-02-25

Page 1

Vulnerabilities

Vulnerable Software

Spip: >> Jeux >> 3.5.1 Security Vulnerabilities

Products

Pricing

Contact Us