CVE-2023-47324: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

December 13, 2023

Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.

References

silverpeas.com/
github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47324
github.com/Silverpeas/Silverpeas-Core/commit/9cb2941e9242db3df179c1170d7695c9917e4e9c
github.com/Silverpeas/Silverpeas-Core/pull/1298/commits
github.com/advisories/GHSA-wgrw-fj3v-fhc5
nvd.nist.gov/vuln/detail/CVE-2023-47324

Detect and mitigate CVE-2023-47324 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →