CVE-2026-30139

A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...

Silverpeas Core has a reflected cross-site scripting vulnerability

A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...

CVE-2026-30139

A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...

Silverpeas Core 跨站脚本漏洞

Silverpeas Core is an open-source project developed by Silverpeas, used for building and running collaborative and social web portals. Versions of Silverpeas Core prior to 6.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the AdvancedSearch feature having...

CVE-2026-30139

A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...

CVE-2026-30139

Silverpeas Core prior to 6.4.6 is affected by a reflected XSS in the AdvancedSearch functionality. Crafted input can execute arbitrary JavaScript in the context of a user’s browser. The description identifies the vulnerable component and version, but does not provide remediation steps or affected...

CVEs-huyle

CVE-2026-30139: Silverpeas Core Reflected XSS in AdvancedSearc...

EUVD-2024-1560

Malicious code in bioql PyPI...

EUVD-2025-0142

Malicious code in bioql PyPI...

CVE-2024-39031

In Silverpeas Core = 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and "Description" fields when...

CVE-2024-56923

Stored Cross-Site Scripting XSS Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 = 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The...

CVE-2023-47324

Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting XSS via the message/notification feature...

CVE-2023-47327

The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL...

CVE-2023-47323

The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators...

CVE-2023-47326

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery CSRF via the Domain SQL Create function...

CVE-2023-47321

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets...

CVE-2023-47325

Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces...

CVE-2024-29392

Silverpeas Core 6.3 is vulnerable to Cross Site Scripting XSS via ClipboardSessionController...

GHSA-788M-27G4-CF86 Cross site scripting in Silverpeas Core

Stored Cross-Site Scripting XSS Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 = 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The...

Cross site scripting in Silverpeas Core

Stored Cross-Site Scripting XSS Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 = 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The...