Lucene search
GitHub Advisory DatabaseGHSA-R9VW-CJF9-XH4XHistoryJul 19, 2024 - 9:31 p.m.
ProcessWire Cross Site Request Forgery vulnerability
2024-07-1921:31:11
CWE-352
GitHub Advisory Database
github.com
3
processwire
csrf
vulnerability
remote attacker
arbitrary code
crafted html
comments functionality
software
CVSS3
4.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
AI Score
7.6
Confidence
High
EPSS
0
Percentile
9.3%
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality.
Affected configurations
Node
processwireprocesswireRange≤3.0.229
| Vendor | Product | Version | CPE |
|---|---|---|---|
| processwire | processwire | * | cpe:2.3:a:processwire:processwire:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2024-41597
2024-07-19 20:15:08
vulnrichment
vulnrichment
CVE-2024-41597
2024-07-19 00:00:00
osv
osv
ProcessWire Cross Site Request Forgery vulnerability
2024-07-19 21:31:11
cve
cve
CVE-2024-41597
2024-07-19 20:15:08
veracode
veracode
Cross-Site Request Forgery (CSRF)
2024-07-22 05:40:38
cvelist
cvelist
CVE-2024-41597
2024-07-19 00:00:00
CVSS3
4.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
AI Score
7.6
Confidence
High
EPSS
0
Percentile
9.3%
Related for GHSA-R9VW-CJF9-XH4X