Silverpeas
Products
1- 10 CVEs
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19586 | Cri | 0.65 | 9.9 | 0.05 | Apr 9, 2019 | Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary… | ||
| CVE-2024-42850 | Cri | 0.64 | 9.8 | 0.01 | Aug 16, 2024 | An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. | ||
| CVE-2024-36042 | Cri | 0.57 | 9.8 | 0.01 | Jun 3, 2024 | Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access. | ||
| CVE-2024-42849 | Med | 0.42 | 6.5 | 0.01 | Aug 16, 2024 | An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function. | ||
| CVE-2026-53698 | Med | 0.35 | 6.5 | 0.00 | Jun 10, 2026 | Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set. | ||
| CVE-2025-46047 | Med | 0.35 | 6.5 | 0.00 | Sep 2, 2025 | A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter. | ||
| CVE-2024-29392 | Med | 0.35 | 5.4 | 0.00 | May 22, 2024 | Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController. | ||
| CVE-2024-39031 | Med | 0.28 | 5.4 | 0.01 | Jul 9, 2024 | In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and… | ||
| CVE-2025-45055 | Med | 0.00 | 5.4 | 0.00 | Jun 9, 2025 | Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session.… | ||
| CVE-2024-48814 | Hig | 0.00 | 7.5 | 0.01 | Jan 3, 2025 | SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via the ViewType parameter of the findbywhereclause function |
- risk 0.65cvss 9.9epss 0.05
Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary…
- risk 0.64cvss 9.8epss 0.01
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.
- risk 0.57cvss 9.8epss 0.01
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
- risk 0.42cvss 6.5epss 0.01
An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function.
- risk 0.35cvss 6.5epss 0.00
Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set.
- risk 0.35cvss 6.5epss 0.00
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.
- risk 0.35cvss 5.4epss 0.00
Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController.
- risk 0.28cvss 5.4epss 0.01
In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and…
- risk 0.00cvss 5.4epss 0.00
Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session.…
- risk 0.00cvss 7.5epss 0.01
SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via the ViewType parameter of the findbywhereclause function