Advisories for Maven/Org.silverpeas.core/Silverpeas-Core package

2025

Silverpeas Core Username Enumeration Vulnerability

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.

Cross site scripting in Silverpeas Core

Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 <= 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription.

2024

Advisories for Maven/Org.silverpeas.core/Silverpeas-Core package

Silverpeas Core Username Enumeration Vulnerability

Cross site scripting in Silverpeas Core

Silverpeas vulnerable to password complexity rule bypass

Silverpeas authentication bypass

Silverpeas Core vulnerable to Cross Site Scripting

Cross-Site Request Forgery (CSRF)