Mohamed Saqib C

1 exploit Active since Jan 2025
CVE-2024-56923 WRITEUP MEDIUM WRITEUP
Silverpeas 6.3.1-6.4.1 - Stored Cross-Site Scripting in My Subscriptions Categorization Option
Stored Cross-Site Scripting (XSS) Vulnerability in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.3.1 <= 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription.
CVSS 5.4