CVE-2025-45055

Published: Jun 9, 2025

Modified: Jun 9, 2025

PUBLISHED

Description

Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attackers to escalate privileges by creating a new administrator account. The vulnerability arises from insufficient sanitization of SVG files and weak CSRF protections.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Silverpeas/Silverpeas-Core/pull/1394

https://medium.com/@mingihongkim/privilege-escalation-via-svg-injection-in-silverpeas-6-4-2-b5ab1d5b6955

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-45055

Description

Affected Products

References