CVE-2023-53900

HIGH 8.8

Spip 4.1.10 Admin Account Spoofing via Malicious SVG Upload

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering.

CWE	CWE-79
Vendor	spip
Product	spip
Published	Dec 16, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for spip spip

Be the first to know when new high vulnerabilities affecting spip spip are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

spip / spip

4.1.10

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51557 spip.net: https://www.spip.net/en_rubrique25.html vulncheck.com: https://www.vulncheck.com/advisories/spip-admin-account-spoofing-via-malicious-svg-upload

Credits

nu11secur1ty