Medium severity6.1NVD Advisory· Published Apr 22, 2026· Updated Apr 22, 2026
CVE-2026-30139
CVE-2026-30139
Description
A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.silverpeas.core:silverpeas-core-warMaven | <= 6.4-feature13197 | — |
org.silverpeas.core:silverpeas-core-webMaven | <= 6.4-feature13197 | — |
Affected products
1Patches
17b4bacc80d11Bug #15018
5 files changed · +288 −272
core-war/src/main/java/org/silverpeas/web/pdc/control/SortResultsFactory.java+0 −4 modified@@ -23,11 +23,7 @@ */ package org.silverpeas.web.pdc.control; -import org.silverpeas.kernel.bundle.ResourceLocator; import org.silverpeas.core.util.ServiceProvider; -import org.silverpeas.kernel.bundle.SettingBundle; -import org.silverpeas.kernel.util.StringUtil; -import org.silverpeas.kernel.logging.SilverLogger; /** * @author david derigent
core-war/src/main/webapp/jobDomainPeas/jsp/domainSynchro.jsp+78 −73 modified@@ -24,79 +24,84 @@ --%> <%@ page import="org.silverpeas.kernel.logging.Level" %> -<%@page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> -<%@ taglib uri="http://www.silverpeas.com/tld/viewGenerator" prefix="view"%> +<%@page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %> +<%@ taglib uri="http://www.silverpeas.com/tld/viewGenerator" prefix="view" %> +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> +<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %> <%@ include file="check.jsp" %> <% - Domain domObject = (Domain)request.getAttribute("domainObject"); - - browseBar.setComponentName(getDomainLabel(domObject, resource), "domainContent?Iddomain="+domObject.getId()); - browseBar.setPath(resource.getString("JDP.domainSynchro") + "..."); -%> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html> -<head> -<view:looknfeel withCheckFormScript="true"/> - <script type="text/javascript"> - function ValidForm(){ - SP_openWindow('<%=m_context %>/RjobDomainPeas/jsp/displayDynamicSynchroReport?IdTraceLevel=' + document.domainForm.IdTraceLevel.value, 'SynchroDomainReport', '750', '550', 'menubar=yes,scrollbars=yes,statusbar=yes,resizable=yes'); - document.domainForm.submit(); - } - </script> -</head> -<body class="page_content_admin"> -<% -out.println(window.printBefore()); -out.println(frame.printBefore()); + Domain domain = (Domain) request.getAttribute("domainObject"); %> -<view:frame> -<view:board> -<form name="domainForm" action="domainSynchro" method="post"> - <input type="hidden" name="X-ATKN" value="${requestScope['X-ATKN']}"/> - <table> - <tr> - <td class="txtlibform"> - <%=resource.getString("GML.name")%> : - </td> - <td> - <%=WebEncodeHelper.javaStringToHtmlString(domObject.getName())%> - </td> - </tr> - <% if (StringUtil.isDefined(domObject.getDescription())) { %> - <tr> - <td class="txtlibform"> - <%=resource.getString("GML.description")%> : - </td> - <td> - <%=WebEncodeHelper.javaStringToHtmlString(domObject.getDescription())%> - </td> - </tr> - <% } %> - <tr> - <td class="txtlibform"> - <%=resource.getString("JDP.traceLevel")%> : - </td> - <td> - <select name="IdTraceLevel" size="1"> - <option value="<%=Level.DEBUG%>">Debug</option> - <option value="<%=Level.INFO%>" selected="selected">Info</option> - <option value="<%=Level.WARNING%>">Warning</option> - <option value="<%=Level.ERROR%>">Error</option> - </select> - </td> - </tr> - </table> -</view:board> -</form> - <% - ButtonPane bouton = gef.getButtonPane(); - bouton.addButton(gef.getFormButton(resource.getString("GML.validate"), "javascript:ValidForm()", false)); - bouton.addButton(gef.getFormButton(resource.getString("GML.cancel"), "domainContent", false)); - out.println(bouton.print()); - %> -</view:frame> -<% -out.println(window.printAfter()); -%> -</body> -</html> \ No newline at end of file +<fmt:setLocale value="${sessionScope[sessionController].language}"/> +<view:setBundle bundle="${requestScope.resources.multilangBundle}"/> +<fmt:message var="validateLabel" key="GML.validate"/> +<fmt:message var="cancelLabel" key="GML.cancel"/> +<c:set var="path"><fmt:message key="JDP.domainSynchro"/><%="..."%></c:set> +<c:set var="componentName"><%=getDomainLabel(domain, resource)%> +</c:set> +<c:set var="componentLink"><%="domainContent?Iddomain=" + domain.getId()%> +</c:set> + +<view:sp-page> + <view:sp-head-part withCheckFormScript="true"> + <script type="text/javascript"> + function ValidForm() { + SP_openWindow(webContext + '/RjobDomainPeas/jsp/displayDynamicSynchroReport?IdTraceLevel=' + + document.domainForm.IdTraceLevel.value, 'SynchroDomainReport', '750', '550', + 'menubar=yes,scrollbars=yes,statusbar=yes,resizable=yes'); + document.domainForm.submit(); + } + </script> + </view:sp-head-part> + <view:sp-body-part cssClass="page_content_admin"> + <view:browseBar path="${path}"> + <view:browseBarElt label="${componentName}" link="${componentLink}"/> + </view:browseBar> + <view:window> + <view:frame> + <view:board> + <form name="domainForm" action="domainSynchro" method="post"> + <input type="hidden" name="X-ATKN" value="${requestScope['X-ATKN']}"/> + <table> + <tr> + <th class="txtlibform"> + <%=resource.getString("GML.name")%> : + </th> + <td> + <%=WebEncodeHelper.javaStringToHtmlString(domain.getName())%> + </td> + </tr> + <% if (StringUtil.isDefined(domain.getDescription())) { %> + <tr> + <th class="txtlibform"> + <%=resource.getString("GML.description")%> : + </th> + <td> + <%=WebEncodeHelper.javaStringToHtmlString(domain.getDescription())%> + </td> + </tr> + <% } %> + <tr> + <th class="txtlibform"> + <label for="traceLevel"><%=resource.getString("JDP.traceLevel")%>:</label> + </th> + <td> + <select id="traceLevel" name="IdTraceLevel" size="1"> + <option value="<%=Level.DEBUG%>">Debug</option> + <option value="<%=Level.INFO%>" selected="selected">Info</option> + <option value="<%=Level.WARNING%>">Warning</option> + <option value="<%=Level.ERROR%>">Error</option> + </select> + </td> + </tr> + </table> + </view:board> + <view:buttonPane> + <view:button label="${validateLabel}" action="javascript:ValidForm()" disabled="false"/> + <view:button label="${cancelLabel}" action="domainContent" disabled="false"/> + </view:buttonPane> + </form> + </view:frame> + </view:window> + </view:sp-body-part> +</view:sp-page> \ No newline at end of file
core-war/src/main/webapp/jobDomainPeas/jsp/userImport.jsp+4 −4 modified@@ -187,7 +187,7 @@ out.println(board.printBefore()); value = query.get(ldapAttribute); %> <tr> - <td class="txtlibform"><%=label%> :</td> + <th scope="row" class="txtlibform"><%=label%></th> <td> <input type="text" name="<%=ldapAttribute%>" size="50" maxlength="50" value="<%=value%>" onkeydown="checkSubmitToSearch(event)"> @@ -198,9 +198,9 @@ out.println(board.printBefore()); } %> <tr> - <td><%=resource.getString("JDP.searchSyntax")%> + <th scope="row"><%=resource.getString("JDP.searchSyntax")%> <img src="<%=resource.getIcon("JDP.info")%>" border=0 onmouseover="return overlib('<%=WebEncodeHelper.javaStringToJsString(resource.getString("JDP.fieldSyntaxContent"))%>', CAPTION, '<%=WebEncodeHelper.javaStringToJsString(resource.getString("JDP.fieldSyntax"))%>')" onmouseout="return nd();" align="absmiddle"> - </td> + </th> </tr> </table> <% @@ -254,7 +254,7 @@ out.println(board.printBefore()); { %> <table> - <tr class=intfdcolor4><td colspan=5><%=pagination.printIndex("doPagination")%></td></tr> + <tr class=intfdcolor4><th></th><td colspan=5><%=pagination.printIndex("doPagination")%></td></tr> </table> <% }
core-war/src/main/webapp/pdcPeas/jsp/globalSearchXML.jsp+204 −189 modified@@ -23,194 +23,209 @@ along with this program. If not, see <https://www.gnu.org/licenses/>. --%> -<%@page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> -<%@ taglib uri="http://www.silverpeas.com/tld/viewGenerator" prefix="view"%> -<%@ page import="org.silverpeas.core.admin.component.model.SilverpeasComponentInstance"%> -<%@ page import="org.silverpeas.core.contribution.content.form.DataRecord"%> -<%@ page import="org.silverpeas.core.contribution.content.form.Form"%> -<%@ page import="org.silverpeas.core.contribution.content.form.PagesContext"%> -<%@ page import="org.silverpeas.core.contribution.template.publication.PublicationTemplate"%> -<%@ page import="org.silverpeas.kernel.util.StringUtil" %> - -<%@ include file="checkAdvancedSearch.jsp"%> -<% -String sortOrder = request.getParameter("sortOrder"); - -boolean expertSearchVisible = (Boolean) request.getAttribute("ExpertSearchVisible"); -List<PublicationTemplate> xmlForms = (List) request.getAttribute("XMLForms"); -PublicationTemplate template = (PublicationTemplate) request.getAttribute("Template"); -DataRecord emptyData = (DataRecord) request.getAttribute("Data"); -PagesContext context = (PagesContext) request.getAttribute("context"); - -Form form = null; -String selectedTemplate = null; -if (template != null) { - selectedTemplate = template.getFileName(); - form = template.getSearchForm(); -} - -List<SilverpeasComponentInstance> allComponents = (List) request.getAttribute("ComponentList"); -List<SpaceInstLight> allSpaces = (List) request.getAttribute("SpaceList"); -QueryParameters query = (QueryParameters) request.getAttribute("QueryParameters"); -String spaceSelected = null; -String componentSelected = null; -String title = ""; -if (query != null) { - spaceSelected = query.getSpaceId(); - componentSelected = query.getInstanceId(); - title = StringUtil.defaultStringIfNotDefined(query.getKeywords()); -} -%> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> -<head> -<view:looknfeel/> -<view:includePlugin name="wysiwyg"/> -<script type="text/javascript"> -function sendXMLRequest() { - if(document.XMLSearchForm != null) { - $.progressMessage(); - applyPlainTextSearch(); - document.XMLSearchForm.submit(); - } else { - jQuery.popup.error("<%=resource.getString("pdcPeas.choiceForm")%>"); - } -} -function chooseTemplate() { - var valuePath = document.XMLRestrictForm.xmlSearchSelectedForm.value; - if (valuePath.length > 0) { - $.progressMessage(); - applyPlainTextSearch(); - document.XMLRestrictForm.action = "XMLSearchViewTemplate"; - document.XMLRestrictForm.submit(); - } -} -function applyPlainTextSearch() { - $("input[name='TitleNotInXMLForm']").val($("#plainText").val()); -} -function viewXmlSearch(){ - $.progressMessage(); - document.XMLRestrictForm.submit(); -} -</script> -</head> -<body class="yui-skin-sam" id="globalSearchXML"> -<% - browseBar.setComponentName(resource.getString("pdcPeas.SearchPage")); - - ButtonPane buttonPane = gef.getButtonPane(); - - out.println(window.printBefore()); - - tabs = gef.getTabbedPane(); - tabs.addTab(resource.getString("pdcPeas.SearchResult"), "LastResults", false); - if (expertSearchVisible) { - tabs.addTab(resource.getString("pdcPeas.SearchSimple"), "ChangeSearchTypeToAdvanced", false); - tabs.addTab(resource.getString("pdcPeas.SearchAdvanced"), "ChangeSearchTypeToExpert", false); - } else { - tabs.addTab(resource.getString("pdcPeas.SearchPage"), "ChangeSearchTypeToAdvanced", false); - } - tabs.addTab(resource.getString("pdcPeas.SearchXml"), "#", true); - - out.println("<div id=\"tabs\">" + tabs.print() + "</div>"); - out.println(frame.printBefore()); - - %> -<div id="scope"> -<view:board> - <form name="XMLRestrictForm" action="XMLRestrictSearch" method="post"> - <table> - <tr> - <td class="txtlibform" - style="width: 200px"><%=resource.getString("pdcPeas.Template")%></td> - <td> - <select name="xmlSearchSelectedForm" size="1" onchange="chooseTemplate();return;"> - <option value=""><%=resource.getString("GML.select")%></option> +<%@page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %> +<%@ taglib uri="http://www.silverpeas.com/tld/viewGenerator" prefix="view" %> +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> +<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %> +<%@ taglib uri="http://www.silverpeas.com/tld/silverFunctions" prefix="silfn" %> + +<%@ page import="org.silverpeas.core.contribution.content.form.DataRecord" %> +<%@ page import="org.silverpeas.core.contribution.content.form.Form" %> +<%@ page import="org.silverpeas.core.contribution.content.form.PagesContext" %> +<%@ page import="org.silverpeas.core.contribution.template.publication.PublicationTemplate" %> + +<%@ include file="checkAdvancedSearch.jsp" %> + +<fmt:setLocale value="${sessionScope[sessionController].language}"/> +<view:setBundle bundle="${requestScope.resources.multilangBundle}"/> +<fmt:message var="componentName" key="pdcPeas.SearchPage"/> +<fmt:message var="resultsTab" key="pdcPeas.SearchResult"/> +<fmt:message var="simpleSearchTab" key="pdcPeas.SearchSimple"/> +<fmt:message var="advancedSearchTab" key="pdcPeas.SearchAdvanced"/> +<fmt:message var="searchByFormTab" key="pdcPeas.SearchXml"/> +<fmt:message var="searchPageTab" key="pdcPeas.SearchPage"/> +<fmt:message var="searchAction" key="pdcPeas.search"/> + +<c:set var="language" value="${sessionScope[sessionController].language}"/> +<c:set var="templates" value="${requestScope.XMLForms}"/> +<c:set var="actualTemplate" value="${requestScope.Template}"/> +<c:set var="selectedTemplate"/> +<c:set var="form" value="${null}"/> +<c:if test="${actualTemplate != null}"> + <c:set var="selectedTemplate" value="${actualTemplate.fileName}"/> + <c:set var="form" value="${actualTemplate.searchForm}"/> +</c:if> +<c:set var="spaces" value="${requestScope.SpaceList}"/> +<c:set var="selectedSpace"/> +<c:set var="selectedComponent"/> +<c:set var="title" value=""/> +<c:set var="query" value="${requestScope.QueryParameters}"/> +<c:if test="${query != null}"> + <c:set var="selectedSpace" value="${query.spaceId}"/> + <c:set var="selectedComponent" value="${query.instanceId}"/> + <c:set var="title" value="${silfn:defaultEmptyString(query.keywords)}"/> +</c:if> +<c:set var="components" value="${requestScope.ComponentList}"/> +<c:set var="context" value="${requestScope.context}"/> +<c:set var="data" value="${requestScope.Data}"/> + +<view:sp-page> + <view:sp-head-part> + <view:includePlugin name="wysiwyg"/> + <script type="text/javascript"> + function sendXMLRequest() { + if (document.XMLSearchForm != null) { + $.progressMessage(); + applyPlainTextSearch(); + document.XMLSearchForm.submit(); + } else { + jQuery.popup.error('<fmt:message key="pdcPeas.choiceForm"/>'); + } + } + + function chooseTemplate() { + const valuePath = document.XMLRestrictForm.xmlSearchSelectedForm.value; + if (valuePath.length > 0) { + $.progressMessage(); + applyPlainTextSearch(); + document.XMLRestrictForm.action = "XMLSearchViewTemplate"; + document.XMLRestrictForm.submit(); + } + } + + function applyPlainTextSearch() { + $("input[name='TitleNotInXMLForm']").val($("#plainText").val()); + } + + function viewXmlSearch() { + $.progressMessage(); + document.XMLRestrictForm.submit(); + } + </script> + </view:sp-head-part> + <view:sp-body-part cssClass="yui-skin-sam" id="globalSearchXML"> + <view:browseBar componentId="componentName"/> + <view:window> + <view:tabs> + <view:tab label="${resultsTab}" action="LastResults" selected="false"/> + <c:choose> + <c:when test="${requestScope.ExpertSearchVisible}"> + <view:tab label="${simpleSearchTab}" action="ChangeSearchTypeToAdvanced" + selected="false"/> + <view:tab label="${advancedSearchTab}" action="ChangeSearchTypeToExpert" + selected="false"/> + </c:when> + <c:otherwise> + <view:tab label="${searchPageTab}" action="ChangeSearchTypeToAdvanced" + selected="false"/> + </c:otherwise> + </c:choose> + <view:tab label="${searchByFormTab}" action="#" selected="true"/> + </view:tabs> + <view:frame> + <div id="scope"> + <view:board> + <form name="XMLRestrictForm" action="XMLRestrictSearch" method="post"> + <table> + <tr> + <th scope="row" class="txtlibform" style="width: 200px"> + <label for="searchSelection"><fmt:message key="pdcPeas.Template"/></label> + </th> + <td> + <select id="searchSelection" name="xmlSearchSelectedForm" size="1" + onchange="chooseTemplate();return;"> + <option value=""><fmt:message key="GML.select"/></option> + <c:forEach var="template" items="${templates}"> + <c:set var="selected" value=""/> + <c:if test="${template.fileName == selectedTemplate}"> + <c:set var="selected" value="selected"/> + </c:if> + <option value="${template.fileName}" ${selected}>${template.name}</option> + </c:forEach> + </select> + </td> + </tr> + <tr></tr> + <tr id="spaceList"> + <th scope="row" class="txtlibform" style="width: 200px"> + <label for="spaces"><fmt:message key="pdcPeas.DomainSelect"/></label> + </th> + <td> + <select id="spaces" name="spaces" size="1" onchange="viewXmlSearch()"> + <option value=""><fmt:message key="pdcPeas.AllAuthors"/></option> + <c:forEach var="space" items="${spaces}"> + <c:set var="selected" value=""/> + <c:if test="${space.id == selectedSpace}"> + <c:set var="selected" value="selected"/> + </c:if> + <c:set var="incr" value=""/> + <c:if test="${space.level == 1}"> + <c:set var="incr" value=" "/> + </c:if> + <option value="${space.id}" + ${selected}>${incr}${silfn:escapeHtml(space.getName(language))}</option> + </c:forEach> + </select> + </td> + </tr> + <tr></tr> + <c:if test="${components != null}"> + <tr> + <th scope="row" class="txtlibform" style="width: 200px"> + <label for="components"><fmt:message key="pdcPeas.ComponentSelect"/></label> + </th> + <td> + <select id="components" name="componentSearch" size="1" + onchange="viewXmlSearch()"> + <option value=""><fmt:message key="pdcPeas.AllAuthors"/></option> + <c:forEach var="component" items="${components}"> + <c:set var="selected" value=""/> + <c:if test="${component.id == selectedComponent}"> + <c:set var="selected" value="selected"/> + </c:if> + <option + value="${component.id}" ${selected}>${silfn:escapeHtml(component.getName(language))}</option> + </c:forEach> + </select> + </td> + </tr> + <tr></tr> + </c:if> + <tr> + <th scope="row" style="width: 200px" class="txtlibform"> + <label for="plainText"><fmt:message key="GML.search"/></label> + </th> + <td><input type="text" id="plainText" size="50" value="${title}"/></td> + </tr> + </table> + <input type="hidden" name="sortOrder" value="<c:out value="${param.sortOrder}"/>"/> + <input type="hidden" name="TitleNotInXMLForm" value="${title}"/> + </form> + </view:board> + </div> + + <c:if test="${form != null}"> + <div id="template"> + <form name="XMLSearchForm" method="post" action="XMLSearch" + enctype="multipart/form-data"> + <input type="hidden" name="TitleNotInXMLForm" value="${title}"/> <% - String selected = ""; - for (PublicationTemplate oneTemplate : xmlForms) { - selected = ""; - if (oneTemplate.getFileName().equals(selectedTemplate)) { - selected = " selected"; - } - - out.println("<option value=\""+oneTemplate.getFileName()+"\""+selected+">"+oneTemplate.getName()+"</option>"); - } + PublicationTemplate template = (PublicationTemplate) request.getAttribute("Template"); + DataRecord emptyData = (DataRecord) request.getAttribute("Data"); + PagesContext context = (PagesContext) request.getAttribute("context"); + Form form = template.getSearchForm(); + form.display(out, context, emptyData); %> - </select> - </td> - </tr> - <tr id="spaceList"> - <td class="txtlibform" style="width: 200px"><%=resource.getString("pdcPeas.DomainSelect")%></td> - <td><select name="spaces" size="1" onchange="viewXmlSearch()"> - <% - out.println("<option value=\"\">"+resource.getString("pdcPeas.AllAuthors")+"</option>"); - String incr = ""; - for (SpaceInstLight space : allSpaces) { - selected = ""; - incr = ""; - if (space.getLevel() == 1) { - incr = " "; - } - - if (space.getId().equals(spaceSelected)) { - selected = " selected"; - } - - out.println("<option value=\""+space.getId()+"\""+selected+">"+incr+WebEncodeHelper.javaStringToHtmlString(space.getName(language))+"</option>"); - } - %> - </select></td> - </tr> - <% if (allComponents != null) {%> - <tr> - <td class="txtlibform" style="width: 200px"><%=resource.getString("pdcPeas.ComponentSelect")%></td> - <td> - <select name="componentSearch" size="1" onchange="viewXmlSearch()"> - <option value=""><%=resource.getString("pdcPeas.AllAuthors")%></option> - <% - for(SilverpeasComponentInstance component : allComponents) { - selected = ""; - if (component.getId().equals(componentSelected)){ - selected = " selected"; - } - out.println("<option value=\""+component.getId()+"\""+selected+">"+WebEncodeHelper.javaStringToHtmlString(component.getLabel(language))+"</option>"); - } - %> - </select> - </td> - </tr> - <% } %> - <tr> - <td style="width: 200px" class="txtlibform"><%=resource.getString("GML.search")%></td> - <td><input type="text" id="plainText" size="50" value="<%=title%>"/></td> - </tr> - - <input type="hidden" name="sortOrder" value="<%=sortOrder %>"/> - <input type="hidden" name="TitleNotInXMLForm" value="<%=title %>"/> - </table> - </form> -</view:board> -</div> - - <% if (form != null) { %> - <div id="template"> - <form name="XMLSearchForm" method="post" action="XMLSearch" enctype="multipart/form-data"> - <input type="hidden" name="TitleNotInXMLForm" value="<%=title%>"/> - <% - form.display(out, context, emptyData); - %> - </form> - </div> - <br/> - <% } %> -<% - buttonPane.addButton(gef.getFormButton(resource.getString("pdcPeas.search"), "javascript:sendXMLRequest();", false)); - out.println(buttonPane.print()); - out.println(frame.printAfter()); - out.println(window.printAfter()); -%> -<view:progressMessage/> -</body> -</html> \ No newline at end of file + </form> + </div> + <br/> + </c:if> + <view:buttonPane> + <view:button label="${searchAction}" action="javascript:sendXMLRequest();" + disabled="false"/> + </view:buttonPane> + </view:frame> + </view:window> + <view:progressMessage/> + </view:sp-body-part> +</view:sp-page>
core-web/src/main/resources/META-INF/viewGenerator.tld+2 −2 modified@@ -900,14 +900,14 @@ </deferred-value> </attribute> <attribute> - <description>Forces spaceId (usefull in portlets page and space homepage)</description> + <description>Forces spaceId (useful in portlets page and space homepage)</description> <name>spaceId</name> <required>false</required> <rtexprvalue>true</rtexprvalue> <type>java.lang.String</type> </attribute> <attribute> - <description>Forces componentId (usefull in portlets case)</description> + <description>Forces componentId (useful in portlets case)</description> <name>componentId</name> <required>false</required> <rtexprvalue>true</rtexprvalue>
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-vmj7-7xmm-4349ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-30139ghsaADVISORY
- github.com/Silverpeas/Silverpeas-Core/commit/7b4bacc80d11ab60423bdc6eb69e0176e9c27fc7ghsaWEB
- github.com/Silverpeas/Silverpeas-Core/pull/1421nvdWEB
- github.com/bodd1593/CVEs-huyle/tree/main/CVE-2026-30139nvdWEB
News mentions
0No linked articles in our index yet.