
GHSA-vfwh-gvf6-mff8: Silverpeas Core Cross-site Scripting vulnerability

In Silverpeas Core <= 6.3.5, inside "mes agendas", a user can create a new event and add it to their calendar. The user can also add other users from the same domain to the event, including the administrator. A normal user can create an event with an XSS payload in the Titre and Description parameters and add the administrator or any user to the event. When the other user (the victim) visits their own profile, the payload executes on the victim's side, even without the victim clicking on the event.
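The rendering flaw described above, shown as an added example that is not Silverpeas code: a hypothetical profile widget lists the events a user was added to, first interpolating the stored title and description as-is, then HTML-encoding them at output time. The function names, markup, and sample event are constructed for illustration.

```javascript
// Added illustration, not Silverpeas code. All names and markup are hypothetical.

// Constructed sample: an event created by one user with another user as attendee.
const sampleEvents = [{
  title: '<script>alert(1)</script>',   // stands in for the "Titre" field
  description: 'Q3 review & planning',  // stands in for the "Description" field
  attendees: ['admin'],
}];

// Encode the characters that are significant in HTML text and
// quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: stored fields go into the markup unencoded, so markup
// written by the event creator becomes part of every attendee's page.
function renderEventUnsafe(ev) {
  return `<li><strong>${ev.title}</strong><p>${ev.description}</p></li>`;
}

// Hardened pattern: encode every stored field at output time,
// regardless of which user created the event.
function renderEventSafe(ev) {
  return `<li><strong>${escapeHtml(ev.title)}</strong>` +
         `<p>${escapeHtml(ev.description)}</p></li>`;
}

// The profile view lists events where the viewing user is an attendee.
// Rendering happens on page load, which is why no click is needed.
function renderProfileEvents(user, events, renderEvent) {
  const items = events.filter((ev) => ev.attendees.includes(user)).map(renderEvent);
  return `<ul>${items.join('')}</ul>`;
}

console.log(renderProfileEvents('admin', sampleEvents, renderEventUnsafe));
console.log(renderProfileEvents('admin', sampleEvents, renderEventSafe));
```

Encoding at output time protects viewers from events that were already stored with markup in them, which input filtering alone would not.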


Moderate severity • GitHub Reviewed • Published Jul 9, 2024 to the GitHub Advisory Database • Updated Jul 10, 2024
