cvedb.io
CVE-2025-71244
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2026-02-19T16:27:12.507 · Last modified 2026-06-17T10:03:56.800

Summary

SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been overridden to function in AJAX mode. It is not mitigated by the SPIP security screen.

Affected products

spip — spip

Does this affect you?

Add your gear to cvedb and we'll alert you only when spip ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.