📦 Silverpeas

by Silverpeas

⚠️ Known Vulnerabilities

CVE-2024-42850

CRITICAL CVSS 9.8 Aug 16, 2024

This vulnerability in Silverpeas allows attackers to bypass password complexity requirements when changing passwords, potentially enabling weak password usage. It affects Silverpeas v6.4.2 and lower v...

CVE-2024-48814

HIGH CVSS 7.5 Jan 3, 2025

A SQL injection vulnerability in Silverpeas 6.4.1 allows remote attackers to execute arbitrary SQL commands via the ViewType parameter in the findbywhereclause function. This can lead to unauthorized ...

CVE-2023-47320

HIGH CVSS 8.1 Dec 13, 2023

Silverpeas Core 6.3.1 and earlier versions have an incorrect access control vulnerability that allows low-privileged users to execute administrator-only functions. Specifically, attackers can put the ...

CVE-2023-47322

HIGH CVSS 8.8 Dec 13, 2023

This CSRF vulnerability in Silverpeas Core allows attackers to escalate privileges by tricking authenticated administrators into visiting malicious URLs. When exploited, it can grant administrative ac...

CVE-2023-47326

HIGH CVSS 8.8 Dec 13, 2023

Silverpeas Core 6.3.1 has a CSRF vulnerability in its Domain SQL Create function that allows attackers to trick authenticated users into executing unauthorized SQL operations. This affects all Silverp...

CVE-2025-45055

MEDIUM CVSS 5.4 Jun 9, 2025

Silverpeas 6.4.2 contains a stored XSS vulnerability in the event management module where authenticated users can upload malicious SVG files. When administrators view these files, embedded JavaScript ...

CVE-2024-56923

MEDIUM CVSS 5.4 Jan 22, 2025

A stored cross-site scripting (XSS) vulnerability in Silverpeas Core allows remote attackers to inject malicious JavaScript into the Name field of subscriptions. When an admin user views the affected ...

CVE-2024-42849

MEDIUM CVSS 6.5 Aug 16, 2024

A vulnerability in Silverpeas versions 6.4.2 and earlier allows remote attackers to cause denial of service through the password change function. This affects all Silverpeas deployments running vulner...

CVE-2024-39031

MEDIUM CVSS 5.4 Jul 9, 2024

This is a stored cross-site scripting (XSS) vulnerability in Silverpeas Core's calendar feature. An authenticated user can inject malicious scripts into event titles and descriptions, which execute au...