org.silverpeas.core:silverpeas-core
Maven6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.silverpeas.core:silverpeas-corepage 1 of 1
- CVE-2023-47326HIGHCVSS 8.8EG 8.8✓ Fixed in 6.3.22023-12-13
Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.
- CVE-2024-29392MEDIUMCVSS 5.4EG 6.12024-05-22
Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController.
- CVE-2024-36042CRITICALCVSS 9.8EG 9.8✓ Fixed in 6.3.52024-06-03
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
- CVE-2024-42850CRITICALCVSS 9.8EG 4.32024-08-16
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.
- CVE-2024-56923MEDIUMCVSS 5.4EG 5.4✓ Fixed in 6.4.22025-01-22
Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 <= 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a…
- CVE-2025-46047MEDIUMCVSS 6.5EG 6.5✓ Fixed in 6.4.32025-09-02
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.
Check whether org.silverpeas.core:silverpeas-core is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.silverpeas.core:silverpeas-core CVEs against the assets you own.
Start Free Scan →