An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1nMjdjLXcydjctODh4cM4AA3ux

Cross Site Request Forgery in Silverpeas

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 2 months ago
Updated: 2 months ago

CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-g27c-w2v7-88xp, CVE-2023-47322

Affected Packages

Versions: < 6.3.2
Fixed in: 6.3.2