Cross-Site Scripting Vulnerability in Silverpeas Core Product
CVE-2024-39031

Currently unrated

Key Information:

Vendor

Silverpeas

Status
Silverpeas Core
Vendor
CVE Published:
9 July 2024

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2024-39031?

In Silverpeas Core versions up to 6.3.5, an XSS vulnerability exists within the Mes Agendas module. Users with standard access can create events and invite others, including administrators. By injecting malicious payloads into the 'Titre' and 'Description' fields during event creation, the attacker can execute arbitrary scripts on the profiles of invited users without any interaction. This vulnerability poses significant risks as it allows attackers to target not only standard users but also administrators within the same domain, leading to potential data compromise and unauthorized actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.github.com/Silverpeas/Silverpeas-Core/pull/1346
https://github.com/toneemarqus/CVE-2024-39031

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

JSON
.