Silverpeas: >> Silverpeas >> 6.3 Security Vulnerabilities
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-12-13
Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-12-13
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-12-13
Page 2