CVE-2023-47322

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery CSRF leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user ...

GHSA-CWH6-HM53-6W2M Missing access control in Silverpeas

The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators...

Broken access control in Silverpeas

Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces...

GHSA-42G3-3JWM-63RX Broken access control in Silverpeas

Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces...

GHSA-28WG-8GV4-MPJF Broken access control in Silverpeas

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets...

CVE-2023-47322

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery CSRF leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user ...

CVE-2023-47325

Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces...

CVE-2023-47320

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects...

CVE-2023-47321

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets...

CVE-2023-47327

The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL...

CVE-2023-47324

Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting XSS via the message/notification feature...

CVE-2023-47321

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets...

Improper access control

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets...

Improper access control

The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL...

Cross site scripting

Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting XSS via the message/notification feature...

Cross site request forgery (csrf)

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery CSRF leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user ...

Cross site request forgery (csrf)

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery CSRF via the Domain SQL Create function...

Silverpeas Security Vulnerabilities

Silverpeas is an open source business collaboration platform. The platform includes applications for project management, blogs, forums and document management. A security vulnerability exists in Silverpeas Core version 6.3.1, which stems from the Create a Space feature for administrators only,...

Silverpeas Security Vulnerabilities

Silverpeas is an open source business collaboration platform. The platform includes applications for project management, blogs, forums, and document management. A security vulnerability exists in Silverpeas Core version 6.3.1, which stems from the fact that the notification/messaging function doe...

CVE-2023-47321

CVE-2023-47321 concerns Silverpeas Core 6.3.1, describing an Incorrect Access Control vulnerability via the Porlet Deployer that allows administrators to deploy .WAR portlets . The issue is characterized by a high integrity impact with no confidentiality or availability impact per the provided me...