Mohamed Saqib C

**Name of the Vulnerable Software and Affected Versions** Silverpeas Core versions 6.3.1 through 6.4.1 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability in the Categorization Option of the My Subscriptions functionality. A remote attacker can execute arbitrary JavaScript code by injecting a malicious payload into the `Name` field of a subscription. This can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription. **Recommendations** For Silverpeas Core versions 6.3.1 through 6.4.1, consider disabling the Categorization Option of the My Subscriptions functionality until a patch is available. Restrict access to the My Subscriptions feature to minimize the risk of exploitation. Avoid using the `Name` field in the affected subscription functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.