Filtered by vendor Silverpeas
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47325 | 1 Silverpeas | 1 Silverpeas | 2023-12-18 | N/A | 5.4 MEDIUM |
| Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces. | |||||
| CVE-2023-47324 | 1 Silverpeas | 1 Silverpeas | 2023-12-18 | N/A | 5.4 MEDIUM |
| Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature. | |||||
| CVE-2023-47327 | 1 Silverpeas | 1 Silverpeas | 2023-12-18 | N/A | 4.3 MEDIUM |
| The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL. | |||||
| CVE-2023-47321 | 1 Silverpeas | 1 Silverpeas | 2023-12-15 | N/A | 4.9 MEDIUM |
| Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets. | |||||