Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.