CVE-2025-45055

Vulnerability Description

Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attackers to escalate privileges by creating a new administrator account. The vulnerability arises from insufficient sanitization of SVG files and weak CSRF protections.

Vulnerability Details

Published Date

June 09, 2025

Last Modified

June 25, 2025

Source

NVD

CVE-2025-45055

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment