Product

silverpeas

18 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-46047
all versions
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote at
6.5 MEDIUM
CVE-2025-45055
all versions
Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user
5.4 MEDIUM
CVE-2024-56923
>= 6.3.1 and < 6.4.2
Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core
5.4 MEDIUM
CVE-2024-48814
all versions
SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via the ViewType paramete
7.5 HIGH
CVE-2024-42850
<= 6.4.2
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requiremen
9.8 CRITICAL
CVE-2024-42849
<= 6.4.2
An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function.
6.5 MEDIUM
CVE-2024-39031
< 6.4
In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can
5.4 MEDIUM
CVE-2024-36042
< 6.3.5
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an u
9.8 CRITICAL
CVE-2024-29392
all versions
Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController.
5.4 MEDIUM
CVE-2023-47327
< 6.3.2
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken acc
4.3 MEDIUM
CVE-2023-47326
< 6.3.2
Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.
8.8 HIGH
CVE-2023-47325
< 6.3.2
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to nav
5.4 MEDIUM
CVE-2023-47324
< 6.3.2
Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.
5.4 MEDIUM
CVE-2023-47323
< 6.3.2
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an at
7.5 HIGH
CVE-2023-47322
< 6.3.2
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalati
8.8 HIGH
CVE-2023-47321
< 6.3.2
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .W
4.9 MEDIUM
CVE-2023-47320
< 6.3.2
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administra
8.1 HIGH
CVE-2018-19586
>= 5.15 and <= 6.0.2
Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file
9.9 CRITICAL
threatengine.sh