漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attackers to escalate privileges by creating a new administrator account. The vulnerability arises from insufficient sanitization of SVG files and weak CSRF protections.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Silverpeas 安全漏洞
Vulnerability Description
Silverpeas是Silverpeas开源的一套开源的业务协作平台。该平台包括项目管理、博客、论坛和文档管理等应用程序。 Silverpeas 6.4.2版本存在安全漏洞,该漏洞源于事件管理模块中对SVG文件清理不足和CSRF保护薄弱,可能导致存储型跨站脚本攻击和权限提升。
CVSS Information
N/A
Vulnerability Type
N/A