High severity8.8NVD Advisory· Published Dec 16, 2025· Updated Apr 29, 2026
CVE-2023-53900
CVE-2023-53900
Description
Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/51557nvdExploit
- www.vulncheck.com/advisories/spip-admin-account-spoofing-via-malicious-svg-uploadnvdThird Party Advisory
- www.spip.net/en_rubrique25.htmlnvdProduct
News mentions
0No linked articles in our index yet.