Vulnerability Details CVE-2024-56923
A stored cross-site scripting (XSS) vulnerability in the Categorization option of the My Subscriptions functionality in Silverpeas Core 6.3.1 through 6.4.1 allows a remote attacker to execute arbitrary JavaScript code by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.6%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2024-56923
- cpe:2.3:a:silverpeas:silverpeas:6.3.1
- cpe:2.3:a:silverpeas:silverpeas:6.3.2
- cpe:2.3:a:silverpeas:silverpeas:6.3.3
- cpe:2.3:a:silverpeas:silverpeas:6.3.4
- cpe:2.3:a:silverpeas:silverpeas:6.3.5
- cpe:2.3:a:silverpeas:silverpeas:6.3.6
- cpe:2.3:a:silverpeas:silverpeas:6.4
- cpe:2.3:a:silverpeas:silverpeas:6.4.1