CVE-2023-47322
HIGH · CVSS v3.1: 8.8 · EPSS: 0.0040 (32.0 percentile)
At a glance
- Severity: HIGH
- CVSS: 8.8 v3.1 · NVD
- EPSS: 0.0040 (32.0 percentile) · FIRST.org
- CISA KEV: No
- Type: CSRF · NVD CWE
- Attack conditions (CVSS vector): Network · No privileges · Source: NVD Vector
- Affected vendors: silverpeas
- Published: 2023-12-13 · Modified: 2026-07-05
CVSS / EPSS / KEV
Source: CVSS from NVD · EPSS from FIRST.org · KEV from CISA.
Description
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross-Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF will execute, making the attacker an administrator user in the application.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.