CVE-2023-47322

Name of the Vulnerable Software and Affected Versions Silverpeas Core version 6.3.1

Description The issue affects the userModify feature, allowing for Cross Site Request Forgery (CSRF) that leads to privilege escalation. If an administrator visits a malicious URL while authenticated to the Silverpeas application, the CSRF can execute, making the attacker an administrator user in the application.

Recommendations For Silverpeas Core version 6.3.1, consider disabling the userModify feature as a temporary workaround until a patch is available. Restrict access to the userModify feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.