Cross Site Scripting Vulnerability in Silverpeas Core from Silverpeas
CVE-2023-47324

5.4MEDIUM

Key Information:

Vendor: Silverpeas
Status: Silverpeas
Vendor: CVE Published:; 13 December 2023

What is CVE-2023-47324?

Silverpeas Core version 6.3.1 is exposed to a Cross Site Scripting (XSS) vulnerability through its message and notification feature. This flaw allows attackers to inject malicious scripts, which could lead to unauthorized actions or data theft when users interact with affected notifications. Implementing proper input validation and output encoding can mitigate the risks associated with this vulnerability. For detailed technical insights, refer to the project documentation and code changes on GitHub.

References

http://silverpeas.com

https://github.com/Silverpeas/Silverpeas-Core/pull/1298/c...

https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Nov 6, 2023