Maven package
org.silverpeas.core/silverpeas-core-war
pkg:maven/org.silverpeas.core/silverpeas-core-war
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-30139 | Med | 6.1 | <= 6.4-feature13197 | — | Apr 22, 2026 | A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input. | |
| CVE-2023-47324 | — | < 6.3.2 | 6.3.2 | Dec 13, 2023 | Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature. | ||
| CVE-2023-47320 | — | < 6.3.2 | 6.3.2 | Dec 13, 2023 | Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. |
- affected <= 6.4-feature13197
A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input.
- CVE-2023-47324Dec 13, 2023affected < 6.3.2fixed 6.3.2
Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.
- CVE-2023-47320Dec 13, 2023affected < 6.3.2fixed 6.3.2
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users.