-
Notifications
You must be signed in to change notification settings - Fork 349
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
6146aa7
commit be65587
Showing
2 changed files
with
65 additions
and
29 deletions.
There are no files selected for viewing
65 changes: 65 additions & 0 deletions
65
advisories/github-reviewed/2025/01/GHSA-788m-27g4-cf86/GHSA-788m-27g4-cf86.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-788m-27g4-cf86", | ||
| "modified": "2025-01-22T22:00:04Z", | ||
| "published": "2025-01-22T21:30:57Z", | ||
| "aliases": [ | ||
| "CVE-2024-56923" | ||
| ], | ||
| "summary": "Cross site scripting in Silverpeas Core", | ||
| "details": "Stored Cross-Site Scripting (XSS) in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" | ||
| } | ||
| ], | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "ecosystem": "Maven", | ||
| "name": "org.silverpeas.core:silverpeas-core" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "6.4.2" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56923" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/Silverpeas/Silverpeas-Core/pull/1373" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/Mohamed-Saqib-C/CVEs/blob/main/CVE-2024-56923/README.md" | ||
| }, | ||
| { | ||
| "type": "PACKAGE", | ||
| "url": "https://github.com/Silverpeas/Silverpeas-Core" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-79" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": true, | ||
| "github_reviewed_at": "2025-01-22T22:00:04Z", | ||
| "nvd_published_at": "2025-01-22T21:15:09Z" | ||
| } | ||
| } |
29 changes: 0 additions & 29 deletions
29
advisories/unreviewed/2025/01/GHSA-788m-27g4-cf86/GHSA-788m-27g4-cf86.json
This file was deleted.
Oops, something went wrong.