Silverpeas: >> Silverpeas >> 6.4 Security Vulnerabilities
Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 <= 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-01-22
An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function.
CVSS Score
6.5
EPSS Score
0.113
Published
2024-08-16
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.
CVSS Score
9.8
EPSS Score
0.432
Published
2024-08-16