3.5
CVE-2026-48832
- EPSS 0.19%
- Veröffentlicht 24.05.2026 22:36:35
- Zuletzt bearbeitet 26.05.2026 20:19:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSPIP
≫
Produkt
SPIP
Default Statusunaffected
Version
0
Version <
4.4.15
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.082 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 3.5 | 1.8 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-15.html?lang=fr
https://git.spip.net/spip/spip/-/commit/75629034697ab52a963a340afd10930407e1cd55
https://git.spip.net/spip/ecrire/-/commit/a22cb8a56f1e37ff3854b73ff3f66aa3df47070a