Vulnerabilities > Silverpeas > Silverpeas > 5.12.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-13 | CVE-2023-47320 | Unspecified vulnerability in Silverpeas Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. | 8.1 |
| 2023-12-13 | CVE-2023-47321 | Unspecified vulnerability in Silverpeas Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets. | 4.9 |
| 2023-12-13 | CVE-2023-47322 | Cross-Site Request Forgery (CSRF) vulnerability in Silverpeas The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. | 8.8 |
| 2023-12-13 | CVE-2023-47323 | Unspecified vulnerability in Silverpeas The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. | 7.5 |
| 2023-12-13 | CVE-2023-47324 | Cross-site Scripting vulnerability in Silverpeas Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature. | 5.4 |
| 2023-12-13 | CVE-2023-47325 | Unspecified vulnerability in Silverpeas Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. | 5.4 |
| 2023-12-13 | CVE-2023-47326 | Cross-Site Request Forgery (CSRF) vulnerability in Silverpeas Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. | 8.8 |
| 2023-12-13 | CVE-2023-47327 | Unspecified vulnerability in Silverpeas The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. | 4.3 |