Skip to content

Latest commit

 

History

History

CVE-2023-47324

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 

CVE-2023-47324: Silverpeas Core Stored XSS in Messages

Information

Description: The messaging feature of Silverpeas Core is vulnerable to Stored Cross-Site Scripting (XSS).
Versions Affected: < 6.3.1
Version Fixed: 6.3.2
Researcher: Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
Disclosure Link: https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2023-47320

Proof-of-Concept Exploit

Description

The notification/messaging feature of Silverpeas Core 6.3.1 is vulnerable to Stored Cross-Site Scripting (XSS).

Usage/Exploitation

To exploit this vulnerability, the following payload can be sent in a message to another user: <img/src/onerror=prompt(1)>. When the user opens it, it successfully executes Javascript in the user's browser.