Cross Site Request Forgery in Silverpeas Core by Silverpeas
CVE-2023-47322

8.8HIGH

Key Information:

Vendor: Silverpeas
Status: Silverpeas
Vendor: CVE Published:; 13 December 2023

What is CVE-2023-47322?

The userModify feature in Silverpeas Core version 6.3.1 is susceptible to a Cross Site Request Forgery (CSRF) attack. This vulnerability could allow an attacker to execute unauthorized actions when an administrator accesses a malicious URL while authenticated to the Silverpeas application. By exploiting this flaw, the attacker may gain administrative privileges, potentially compromising the integrity and security of the application. It is crucial for users of Silverpeas to be aware of this vulnerability and take appropriate measures to protect their systems.

References

http://silverpeas.com

https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Nov 6, 2023