Description
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.
Remediation
References
http://silverpeas.com
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47322
Related Vulnerabilities
CVE-2021-21290 Vulnerability in maven package io.netty:netty-transport-native-unix-common-tests
CVE-2021-43306 Vulnerability in npm package jquery-validation
CVE-2023-31581 Vulnerability in maven package com.usthe.sureness:sureness-core
CVE-2019-19771 Vulnerability in npm package coinstrng
CVE-2022-25647 Vulnerability in maven package com.google.code.gson:gson