CVE-2024-39031 Information
Jul 10, 2024
cve
Description
In Silverpeas Core <= 6.3.5 inside of mes agendas a user can create a new event and add it to his calendar. The user can also add other users to the event from the same domain including administrator. A normal user can create an event with XSS payload inside “Titre” and “Description” parameters and add the administrator or any user to the event. When the other user (victim) visits his own profile (even without clicking on the event) the payload will be executed on the victim side.
Reference
https://www.github.com/Silverpeas/Silverpeas-Core/pull/1346 https://github.com/toneemarqus/CVE-2024-39031
Share on: