6 matches found
CVE-2025-45055
Silverpeas 6.4.2 contains a stored cross-site scripting XSS vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attacker...
CVE-2025-45055
Silverpeas 6.4.2 contains a stored cross-site scripting XSS vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attacker...
CVE-2025-45055
Silverpeas 6.4.2 contains a stored cross-site scripting XSS vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attacker...
PT-2025-24500 · Unknown · Silverpeas
Name of the Vulnerable Software and Affected Versions: Silverpeas version 6.4.2 Description: The issue is a stored cross-site scripting XSS vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an...
CVE-2025-45055
Silverpeas 6.4.2 is affected in the Event Management module by a stored XSS flaw: an authenticated user can upload a malicious SVG as an event attachment, and when an administrator views it, embedded JavaScript can run in the admin session. This stems from insufficient sanitization of SVG files a...
CVE-2025-45055
Silverpeas 6.4.2 contains a stored cross-site scripting XSS vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attacker...