Medium severity6.1NVD Advisory· Published Apr 22, 2026· Updated Apr 22, 2026
CVE-2026-30139
CVE-2026-30139
Description
A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.silverpeas.core:silverpeas-core-warMaven | <= 6.4-feature13197 | — |
org.silverpeas.core:silverpeas-core-webMaven | <= 6.4-feature13197 | — |
Affected products
3- ghsa-coords2 versions
<= 6.4-feature13197+ 1 more
- (no CPE)range: <= 6.4-feature13197
- (no CPE)range: <= 6.4-feature13197
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-vmj7-7xmm-4349ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-30139ghsaADVISORY
- github.com/Silverpeas/Silverpeas-Core/commit/7b4bacc80d11ab60423bdc6eb69e0176e9c27fc7ghsaWEB
- github.com/Silverpeas/Silverpeas-Core/pull/1421nvdWEB
- github.com/bodd1593/CVEs-huyle/tree/main/CVE-2026-30139nvdWEB
News mentions
0No linked articles in our index yet.