24 matches found
CVE-2023-47322
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF will execute, making the attacker an administrator user ...
Broken access control in Silverpeas
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces...
GHSA-42G3-3JWM-63RX Broken access control in Silverpeas
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces...
GHSA-CWH6-HM53-6W2M Missing access control in Silverpeas
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users, including those sent only to administrators...
GHSA-28WG-8GV4-MPJF Broken access control in Silverpeas
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Portlet Deployer" which allows administrators to deploy .WAR portlets...
CVE-2023-47327
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL...
CVE-2023-47324
Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature...
CVE-2023-47321
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Portlet Deployer" which allows administrators to deploy .WAR portlets...
CVE-2023-47320
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects...
CVE-2023-47325
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces...
Cross site request forgery (CSRF)
Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function...
Improper access control
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Portlet Deployer" which allows administrators to deploy .WAR portlets...
Improper access control
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL...
Cross site request forgery (CSRF)
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF will execute, making the attacker an administrator user ...
Cross site scripting
Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature...
Silverpeas Cross-Site Request Forgery Vulnerability
Silverpeas is an open source business collaboration platform. The platform includes applications for project management, blogs, forums, and document management. A cross-site request forgery vulnerability exists in Silverpeas Core version 6.3.1, which stems from a CSRF that could be executed if an...
Silverpeas Cross-Site Request Forgery Vulnerability
Silverpeas is an open source business collaboration platform. The platform includes applications for project management, blogs, forums and document management. A cross-site request forgery vulnerability exists in Silverpeas Core version 6.3.1, which stems from the domain SQL creation feature bein...
CVE-2023-47326
Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function...