-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from improper output encoding when handling the subscription name field. The pull request #1373 mentions encoding HTML titles/labels, indicating the rendering layer (JSP templates) was vulnerable. The persistence layer (SubscriptionVO) likely lacks input sanitization, while the web layer (SubscriptionResource) fails to encode outputs. These components work together to enable stored XSS when admin views subscriptions.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.silverpeas.core:silverpeas-core | maven | >= 6.3.1, < 6.4.2 | 6.4.2 |
JavaJavaOngoing coverage of React2Shell