Skip to main content

Silverpeas CVE-2023-47322

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2023-12-13 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 13, 2023 - 14:15 nvd
HIGH 8.8

DescriptionNVD

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.

AnalysisAI

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application. Affected products include: Silverpeas.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2024-42850 CRITICAL POC
9.8 Aug 16

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity

CVE-2024-36042 CRITICAL POC
9.8 Jun 03

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often prov

CVE-2023-47326 HIGH POC
8.8 Dec 13

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. Rated high

CVE-2023-47320 HIGH POC
8.1 Dec 13

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.1), this vulnerability is r

CVE-2023-47323 HIGH POC
7.5 Dec 13

The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. Rated h

CVE-2024-42849 MEDIUM POC
6.5 Aug 16

An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change f

CVE-2025-46047 MEDIUM POC
6.5 Sep 02

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows

CVE-2023-47324 MEDIUM POC
5.4 Dec 13

Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature. Rated medium sev

CVE-2023-47325 MEDIUM POC
5.4 Dec 13

Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. Rated medium severity (CVSS 5.4

CVE-2025-45055 MEDIUM POC
5.4 Jun 09

Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authentic

CVE-2024-39031 MEDIUM POC
5.4 Jul 09

In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Rated medium s

CVE-2024-29392 MEDIUM POC
5.4 May 22

Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController. Rated medium severity (C

Share

CVE-2023-47322 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy