CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Aug 2024 — An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. • https://github.com/njmbb8/CVE-2024-42850 • CWE-521: Weak Password Requirements

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Aug 2024 — An issue in Silverpeas v6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function. • https://github.com/njmbb8/CVE-2024-42849 • CWE-400: Uncontrolled Resource Consumption

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Jul 2024 — In Silverpeas Core <= 6.3.5, inside of mes agendas, a user can create a new event and add it to his calendar. The user can also add other users from the same domain to the event, including the administrator. A normal user can create an event with an XSS payload inside the “Titre” and “Description” parameters and add the administrator or any user to the event. When the other user (the victim) visits his own profile (even without clicking on the event), the payload will be executed on the victim's side. • https://github.com/toneemarqus/CVE-2024-39031 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Dec 2023 — The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF will execute, making the attacker an administrator user in the application. • http://silverpeas.com • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Dec 2023 — The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users, including those sent only to administrators. • http://silverpeas.com

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Dec 2023 — Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. • http://silverpeas.com • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Dec 2023 — The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL. • http://silverpeas.com

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Dec 2023 — Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below. • http://silverpeas.com

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Dec 2023 — Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets. • http://silverpeas.com

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Dec 2023 — Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature. • http://silverpeas.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')