N/A

In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and "Description" fields when creating an event and then add the administrator or any user to the event. When the invited user (victim) views their own profile, the payload will be executed on their side, even if they do not click on the event.

N/A

N/A

Silverpeas 安全漏洞

Silverpeas是一套开源的业务协作平台。该平台包括项目管理、博客、论坛和文档管理等应用程序。 Silverpeas 6.3.5及之前版本存在安全漏洞，该漏洞源于容易受到存储型跨站脚本攻击。

N/A

N/A