Filtered by vendor Silverpeas
Total: 4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-47326 | 1 Silverpeas | 1 Silverpeas | 2023-12-18 | N/A | 8.8 HIGH | Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. |
| CVE-2023-47323 | 1 Silverpeas | 1 Silverpeas | 2023-12-15 | N/A | 7.5 HIGH | The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users, including those sent only to administrators. |
| CVE-2023-47322 | 1 Silverpeas | 1 Silverpeas | 2023-12-15 | N/A | 8.8 HIGH | The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF will execute, making the attacker an administrator user in the application. |
| CVE-2023-47320 | 1 Silverpeas | 1 Silverpeas | 2023-12-15 | N/A | 8.1 HIGH | Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below. |
