Stored XSS in My Subscriptions Feature of Silverpeas Core Software
CVE-2024-56923

5.4MEDIUM

Key Information:

Vendor: Silverpeas
Status: Silverpeas Core
Vendor: CVE Published:; 22 January 2025

What is CVE-2024-56923?

A vulnerability in the Categorization Option of the My Subscriptions functionality in Silverpeas Core 6.4.1 enables remote attackers to inject malicious JavaScript code via the Name field of a subscription. Exploitation of this vulnerability can lead to session hijacking, unauthorized access to user accounts, and data theft when an admin views the compromised subscription. It is crucial to apply security measures to prevent such attacks.

References

https://github.com/Mohamed-Saqib-C/CVEs/blob/main/CVE-202...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2025
Vulnerability Reserved
Jan 9, 2025