VYPR
Vendor

Silverpeas

Products
1
CVEs
10
Across products
10
Status
Private

Products

1

Recent CVEs

10
  • CVE-2018-19586CriApr 9, 2019
    risk 0.65cvss 9.9epss 0.05

    Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary…

  • CVE-2024-42850CriAug 16, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

  • CVE-2024-36042CriJun 3, 2024
    risk 0.57cvss 9.8epss 0.01

    Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.

  • CVE-2024-42849MedAug 16, 2024
    risk 0.42cvss 6.5epss 0.01

    An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function.

  • CVE-2026-53698MedJun 10, 2026
    risk 0.35cvss 6.5epss 0.00

    Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set.

  • CVE-2025-46047MedSep 2, 2025
    risk 0.35cvss 6.5epss 0.00

    A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.

  • CVE-2024-29392MedMay 22, 2024
    risk 0.35cvss 5.4epss 0.00

    Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController.

  • CVE-2024-39031MedJul 9, 2024
    risk 0.28cvss 5.4epss 0.01

    In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and…

  • CVE-2025-45055MedJun 9, 2025
    risk 0.00cvss 5.4epss 0.00

    Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session.…

  • CVE-2024-48814HigJan 3, 2025
    risk 0.00cvss 7.5epss 0.01

    SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via the ViewType parameter of the findbywhereclause function