Maven package
org.silverpeas.core/silverpeas-core
pkg:maven/org.silverpeas.core/silverpeas-core
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-46047 | — | | | >= 6.4.1, < 6.4.3 | 6.4.3 | Sep 2, 2025 | A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter. |
| CVE-2024-56923 | — | | | >= 6.3.1, < 6.4.2 | 6.4.2 | Jan 22, 2025 | Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 <= 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of |
| CVE-2024-42850 | — | | | <= 6.4.2 | — | Aug 16, 2024 | An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. |
| CVE-2024-36042 | — | | | < 6.3.5 | 6.3.5 | Jun 3, 2024 | Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access. |
| CVE-2024-29392 | — | | | <= 6.3 | — | May 22, 2024 | Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController. |
| CVE-2023-47326 | — | | | < 6.3.2 | 6.3.2 | Dec 13, 2023 | Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. |