Merge pull request #10 from TeneBrae93/master

Silverpeas Title Updates & Blog Post

Author: DaveYesland

CVE-2023-47320/README.md

@@ -1,11 +1,11 @@
-# CVE-2023-47320: Denial of Service via Broken Access Control in Silverpeas Core
+# CVE-2023-47320: Silverpeas Core Denial of Service via Broken Access Control
 
 ## Information
 **Description:** This allows denial-of-service by a low privileged user affecting the Silverpeas Core application. <br>
 **Versions Affected:** < 6.3.1 <br> 
 **Version Fixed:** 6.3.2  <br> 
 **Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)  
-**Disclosure Link:** https://rhinosecuritylabs.com/blog/  
+**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/  
 **NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320  
 
 ## Proof-of-Concept Exploit

CVE-2023-47321/README.md

@@ -1,11 +1,11 @@
-# CVE-2023-47321: Portlet Deployer Access via Broken Access Control in Silverpeas Core
+# CVE-2023-47321: Silverpeas Core Portlet Deployer Access via Broken Access Control
 
 ## Information
 **Description:** This allows low privileged users to access the Portlet Deployment tool. <br> 
 **Versions Affected:** < 6.3.1 <br> 
 **Version Fixed:** 6.3.2  <br> 
 **Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)  
-**Disclosure Link:** https://rhinosecuritylabs.com/blog/  
+**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/  
 **NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320  
 
 ## Proof-of-Concept Exploit

CVE-2023-47322/README.md

@@ -1,11 +1,11 @@
-# CVE-2023-47322: CSRF Leading to Privilege Escalation in Silverpeas Core
+# CVE-2023-47322: Silverpeas Core CSRF Leading to Privilege Escalation
 
 ## Information
 **Description:** The "userModify" request is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. <br> 
 **Versions Affected:** < 6.3.1 <br> 
 **Version Fixed:** 6.3.2  <br> 
 **Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)  
-**Disclosure Link:** https://rhinosecuritylabs.com/blog/  
+**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/  
 **NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320  
 
 ## Proof-of-Concept Exploit

CVE-2023-47323/README.md

@@ -1,11 +1,11 @@
-# CVE-2023-47323: Broken Access Control Allows Reading All Messages in Silverpeas Core
+# CVE-2023-47323: Silverpeas Core Broken Access Control Allows Reading All Messages
 
 ## Information
 **Description:** The notification/messaging feature does not enforce access control on the ID parameter, allowing any user to read all messages (including admin-only messages). <br> 
 **Versions Affected:** < 6.3.1 <br> 
 **Version Fixed:** 6.3.2  <br> 
 **Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)  
-**Disclosure Link:** https://rhinosecuritylabs.com/blog/  
+**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/  
 **NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320  
 
 ## Proof-of-Concept Exploit

CVE-2023-47324/README.md

@@ -1,11 +1,11 @@
-# CVE-2023-47324: Stored XSS in Messages affecting Silverpeas Core
+# CVE-2023-47324: Silverpeas Core Stored XSS in Messages
 
 ## Information
 **Description:** The messaging feature of Silverpeas Core is vulnerable to Stored Cross-Site Scripting (XSS). <br> 
 **Versions Affected:** < 6.3.1 <br> 
 **Version Fixed:** 6.3.2  <br> 
 **Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)  
-**Disclosure Link:** https://rhinosecuritylabs.com/blog/  
+**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/  
 **NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320  
 
 ## Proof-of-Concept Exploit

CVE-2023-47325/README.md

@@ -1,11 +1,11 @@
-# CVE-2023-47325: Broken Access Control on the "Bin" Allows Modification of Deleted Spaces in Silverpeas Core 
+# CVE-2023-47325: Silverpeas Core Broken Access Control on the "Bin" Allows Modification of Deleted Spaces
 
 ## Information
 **Description:** Broken Access Control on the "Bin" allows low privileged users to access and modify deleted spaces in Silverpeas Core. <br> 
 **Versions Affected:** < 6.3.1 <br> 
 **Version Fixed:** 6.3.2  <br> 
 **Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)  
-**Disclosure Link:** https://rhinosecuritylabs.com/blog/  
+**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/ 
 **NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320  
 
 ## Proof-of-Concept Exploit

CVE-2023-47326/README.md

@@ -1,11 +1,11 @@
-# CVE-2023-47326: Domain Creation is vulnerable to CSRF in Silverpeas Core
+# CVE-2023-47326: Silverpeas Core Domain Creation is vulnerable to CSRF
 
 ## Information
 **Description:** Silverpeas Core is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. <br> 
 **Versions Affected:** < 6.3.1 <br> 
 **Version Fixed:** 6.3.2  <br> 
 **Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)  
-**Disclosure Link:** https://rhinosecuritylabs.com/blog/  
+**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/ 
 **NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320  
 
 ## Proof-of-Concept Exploit

CVE-2023-47327/README.md

@@ -1,11 +1,11 @@
-# CVE-2023-47327: The Space Create Function in Silverpeas Core is vulnerable to Broken Access Control
+# CVE-2023-47327: Silverpeas Core Space Create Function is vulnerable to Broken Access Control
 
 ## Information
 **Description:** The "create a space" feature in Silverpeas Core suffers from broken access control, allowing any user to create a space regardless of permissions. <br> 
 **Versions Affected:** < 6.3.1 <br> 
 **Version Fixed:** 6.3.2  <br> 
 **Researcher:** Tyler Ramsbey (https://youtube.com/@TylerRamsbey)  
-**Disclosure Link:** https://rhinosecuritylabs.com/blog/  
+**Disclosure Link:** https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/  
 **NIST CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2023-47320  
 
 ## Proof-of-Concept Exploit