CVE-2026-27746 - SPIP jeux < 4.1.1 Reflected XSS via index Parameters

CVE ID : CVE-2026-27746 Published : Feb. 25, 2026, 4:16 a.m. | 29 minutes ago Description : The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the pre_propre pipeline. The plugin incorporates untrusted request parameters into HTML output without proper output encoding, allowing attackers to inject arbitrary script content into pages that render a jeux block. When a victim is induced to visit a crafted URL, the injected content is reflected into the response and executed in the victim's browser context. Severity: 5.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...