Cross Site Scripting Vulnerability in Silverpeas Core
CVE-2024-29392

5.4MEDIUM

Key Information:

Vendor: Silverpeas
Status: Silverpeas
Vendor: CVE Published:; 22 May 2024

What is CVE-2024-29392?

Silverpeas Core version 6.3 contains a vulnerability that permits exploitation through Cross Site Scripting (XSS). This flaw is specifically found in the ClipboardSessionController component, which may allow attackers to inject malicious scripts into web applications. Such an attack can lead to unauthorized access to sensitive user data, session hijacking, and other security breaches, impacting both the integrity and confidentiality of the application. It is imperative for organizations using Silverpeas Core to assess their exposure to this vulnerability and apply necessary mitigations.

References

https://gist.github.com/phulelouch/48ee63a7c46078574f3b3d...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 22, 2024