Back

CVE-2024-39031

July 9, 2024, 9:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Silverpeas Core

  • <= 6.3.5

Source

cve@mitre.org

Tags

cve@mitre.org
2024-07-09
CVE-2024-39031

CVE-2024-39031 details

Published : July 9, 2024, 9:15 p.m.
Last Modified : July 9, 2024, 9:15 p.m.

Description

In Silverpeas Core <= 6.3.5, inside of mes agendas a user can create a new event and add it to his calendar. The user can also add other users to the event from the same domain, including administrator. A normal user can create an event with XSS payload inside “Titre” and “Description” parameters and add the administrator or any user to the event. When the other user (victim) visits his own profile (even without clicking on the event) the payload will be executed on the victim side.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://github.com/toneemarqus/CVE-2024-39031 cve@mitre.org
https://www.github.com/Silverpeas/Silverpeas-Core/pull/1346 cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.