CVE-2025-46047

Published
View on NVD ↗
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.

Silverpeas/Silverpeas-Core
Silverpeas/Silverpeas-Core
Core API for Silverpeas
GitHubGitHub
54
J0ey17/CVE-2025-46047
J0ey17/CVE-2025-46047
PoC for Silverpeas <= 6.4.2 Username Enumeration
GitHubGitHub
2