{"url":"http://public2.vulnerablecode.io/api/packages/68184?format=json","purl":"pkg:maven/org.silverpeas.core/silverpeas-core-war@6.3.2","type":"maven","namespace":"org.silverpeas.core","name":"silverpeas-core-war","version":"6.3.2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46630?format=json","vulnerability_id":"VCID-cs29-annu-4yc5","summary":"Broken access control in Silverpeas\nSilverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in \"Maintenance Mode\" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.","references":[{"reference_url":"https://github.com/Silverpeas/Silverpeas-Core/commit/fcb4a9740b6c80859e435045b549290a82ae84a2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Silverpeas/Silverpeas-Core/commit/fcb4a9740b6c80859e435045b549290a82ae84a2"},{"reference_url":"http://silverpeas.com","reference_id":"","reference_type":"","scores":[],"url":"http://silverpeas.com"},{"reference_url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47320","reference_id":"CVE-2023-47320","reference_type":"","scores":[],"url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47320"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47320","reference_id":"CVE-2023-47320","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47320"},{"reference_url":"https://github.com/advisories/GHSA-whgv-6j78-5rh2","reference_id":"GHSA-whgv-6j78-5rh2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-whgv-6j78-5rh2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68184?format=json","purl":"pkg:maven/org.silverpeas.core/silverpeas-core-war@6.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.silverpeas.core/silverpeas-core-war@6.3.2"}],"aliases":["CVE-2023-47320","GHSA-whgv-6j78-5rh2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cs29-annu-4yc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46632?format=json","vulnerability_id":"VCID-jng9-grtn-buef","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSilverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.","references":[{"reference_url":"https://github.com/Silverpeas/Silverpeas-Core/commit/9cb2941e9242db3df179c1170d7695c9917e4e9c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Silverpeas/Silverpeas-Core/commit/9cb2941e9242db3df179c1170d7695c9917e4e9c"},{"reference_url":"https://github.com/Silverpeas/Silverpeas-Core/pull/1298/commits","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Silverpeas/Silverpeas-Core/pull/1298/commits"},{"reference_url":"http://silverpeas.com","reference_id":"","reference_type":"","scores":[],"url":"http://silverpeas.com"},{"reference_url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47324","reference_id":"CVE-2023-47324","reference_type":"","scores":[],"url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47324"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47324","reference_id":"CVE-2023-47324","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47324"},{"reference_url":"https://github.com/advisories/GHSA-wgrw-fj3v-fhc5","reference_id":"GHSA-wgrw-fj3v-fhc5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wgrw-fj3v-fhc5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68184?format=json","purl":"pkg:maven/org.silverpeas.core/silverpeas-core-war@6.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.silverpeas.core/silverpeas-core-war@6.3.2"}],"aliases":["CVE-2023-47324","GHSA-wgrw-fj3v-fhc5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jng9-grtn-buef"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.silverpeas.core/silverpeas-core-war@6.3.2"}