CVE-2024-39031

July 9, 2024, 9:15 p.m.

None
No Score

Description

In Silverpeas Core <= 6.3.5, in the “mes agendas” feature, a user can create a new event and add it to their calendar. The user can also add other users from the same domain to the event, including the administrator. A normal user can create an event with an XSS payload in the “Titre” and “Description” parameters and add the administrator or any other user to the event. When the other user (the victim) visits their own profile, even without clicking on the event, the payload is executed on the victim's side.

Product(s) Impacted

Product: Silverpeas Core
Versions: <= 6.3.5

Weaknesses

Common security weaknesses mapped to this vulnerability.

Timeline

Published: July 9, 2024, 9:15 p.m.
Last Modified: July 9, 2024, 9:15 p.m.

Status: Received

CVE has been recently published to the CVE List and has been received by the NVD.

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.