Maven package
org.silverpeas.core/silverpeas-core-api
pkg:maven/org.silverpeas.core/silverpeas-core-api
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-47324 | — | < 6.3.2 | 6.3.2 | Dec 13, 2023 | Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature. | ||
| CVE-2023-47323 | — | < 6.3.2 | 6.3.2 | Dec 13, 2023 | The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators. |
- CVE-2023-47324Dec 13, 2023affected < 6.3.2fixed 6.3.2
Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.
- CVE-2023-47323Dec 13, 2023affected < 6.3.2fixed 6.3.2
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators.