Unknown · Silverpeas Core · CVE-2024-39031
**Name of the Vulnerable Software and Affected Versions**
Silverpeas Core versions <= 6.3.5
**Description**
The issue allows a standard user to inject an XSS payload into the `Titre` and `Description` fields when creating an event in Mes Agendas. The user can then invite others, including administrators, to the event. When the invited user views their profile, the payload is executed, even without interacting with the event.
**Recommendations**
For Silverpeas Core versions <= 6.3.5, update to a version greater than 6.3.5 to resolve the issue.
As a temporary workaround, consider restricting access to the event creation feature in Mes Agendas to minimize the risk of exploitation.
Avoid using the `Titre` and `Description` fields in the event creation process until the issue is resolved.
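Because the payload is stored in the event and runs when an invited user views their profile, it is worth reviewing events that already exist. The following is an added example, not code from Silverpeas or from the advisory: it flags markup in the `Titre` and `Description` values of exported event records. The record layout (a list of dicts with an `id` key), the function names and the sample data are assumptions made for illustration.

```python
import html
import re
from urllib.parse import unquote

# Fields named in the advisory as injection points.
FIELDS = ("Titre", "Description")

# Markers of active content in text that should be plain.
PATTERNS = {
    "html_tag": re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>"),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
    "javascript_uri": re.compile(r"\bjavascript\s*:", re.IGNORECASE),
}

def normalise(value, rounds=3):
    """Undo nested URL and HTML-entity encoding so encoded markup is still seen."""
    for _ in range(rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def audit_events(events):
    """Return (event id, field, sorted marker names) for each suspicious field."""
    findings = []
    for event in events:
        for field in FIELDS:
            text = normalise(str(event.get(field, "")))
            hits = sorted(name for name, rx in PATTERNS.items() if rx.search(text))
            if hits:
                findings.append((event.get("id"), field, hits))
    return findings

# Constructed sample export (assumed layout); ids and values are illustrative only.
SAMPLE_EVENTS = [
    {"id": 1, "Titre": "Réunion d'équipe", "Description": "Salle 2 à 14h, budget < 5 k€"},
    {"id": 2, "Titre": "<script>alert(1)</script>", "Description": "Planning"},
    {"id": 3, "Titre": "Point hebdo", "Description": "&lt;img src=x onerror=alert(1)&gt;"},
    {"id": 4, "Titre": "Atelier", "Description": "%3Csvg%20onload%3Dalert(1)%3E"},
]

if __name__ == "__main__":
    for event_id, field, hits in audit_events(SAMPLE_EVENTS):
        print(f"event {event_id}: {field} -> {', '.join(hits)}")
```

A match is a prompt for manual review of the event and its invitee list, not proof of exploitation; plain-text descriptions can legitimately contain angle brackets.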