Advisories for Maven/Org.silverpeas.core/Silverpeas-Core-War package

2023

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.

Broken access control in Silverpeas

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.