Silverpeas

18 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.02%
  • Published 02.09.2025 00:00:00
  • Last modified 04.09.2025 17:46:45

A user enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.

Exploit
  • EPSS 0.04%
  • Published 09.06.2025 00:00:00
  • Last modified 25.06.2025 20:24:56

Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaSc...

Exploit
  • EPSS 0.17%
  • Published 22.01.2025 21:15:09
  • Last modified 28.05.2025 20:41:45

Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 <= 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious ...

Exploit
  • EPSS 0.07%
  • Published 03.01.2025 15:15:10
  • Last modified 28.05.2025 20:15:50

SQL injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via the ViewType parameter of the findbywhereclause function.

Exploit
  • EPSS 49.78%
  • Published 16.08.2024 19:15:10
  • Last modified 05.06.2025 14:04:02

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

Exploit
  • EPSS 11.35%
  • Published 16.08.2024 19:15:10
  • Last modified 05.06.2025 14:04:16

An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function.

Exploit
  • EPSS 6.74%
  • Published 09.07.2024 21:15:15
  • Last modified 05.06.2025 14:03:30

In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload...

Exploit
  • EPSS 0.2%
  • Published 03.06.2024 06:15:09
  • Last modified 29.05.2025 20:21:54

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.

Exploit
  • EPSS 0.12%
  • Published 22.05.2024 16:15:09
  • Last modified 23.04.2025 01:53:40

Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController.

Exploit
  • EPSS 0.09%
  • Published 13.12.2023 14:15:44
  • Last modified 21.11.2024 08:30:10

The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL.