CVE-2022-40487

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...

Cross site request forgery (csrf)

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery CSRF...

Cross site scripting

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...

Lfi-ProcessWire Cms 跨站请求伪造漏洞

Ryan Cramer Design Lfi-ProcessWire Cms is a free content management system Cms and framework Cmf from Ryan Cramer Design USA designed to save you time and work the way you want. A cross-site request forgery vulnerability exists in Lfi-ProcessWire Cms version v3.0.200, which stems from Althoug...

CVE-2022-40488

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery CSRF...

PT-2022-25404 · Unknown · Processwire

Name of the Vulnerable Software and Affected Versions: ProcessWire version 3.0.200 Description: A Cross-Site Request Forgery CSRF issue was discovered. Recommendations: For version 3.0.200, update to a newer version that contains a fix for this issue...

CVE-2022-40487

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...

PT-2022-25403 · Unknown · Processwire

Name of the Vulnerable Software and Affected Versions: ProcessWire version 3.0.200 Description: The issue allows attackers to execute arbitrary web scripts or HTML via injection of a crafted payload, leveraging multiple cross-site scripting XSS vulnerabilities. These vulnerabilities are...

CVE-2022-40487

CVE-2022-40487 : ProcessWire v3.0.200 is affected by multiple cross-site scripting (XSS) vulnerabilities in the Search Users and Search Pages functions, allowing an attacker to inject arbitrary web scripts or HTML through crafted payloads. This is documented across multiple sources (Red Hat, Vera...

CVE-2022-40488

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery CSRF...

CVE-2022-40487

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...

ProcessWire 跨站脚本漏洞

ProcessWire is a friendly and powerful open source CMS with a robust API. A cross-site scripting vulnerability exists in ProcessWire version v3.0.200, which originates from the Search Users and Search Functions pages and allows attackers to execute arbitrary web script or HTML by injecting a...

CVE-2022-40488

CVE-2022-40488 affects ProcessWire v3.0.200 and is described as a Cross-Site Request Forgery (CSRF) vulnerability. Several connected sources (Red Hat, GHSA, OSV, CVE listings, CNNVD) consistently state CSRF presence. Some entries reference the root cause as insufficient CSRF validation (e.g., a l...

CVE-2020-27467

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php...

CVE-2020-27467

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php...

Directory traversal

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php...

Lfi-ProcessWire Cms 路径遍历漏洞

Ryan Cramer Design Lfi-ProcessWire Cms is a free Content Management System Cms and Framework Cmf from Ryan Cramer Design USA designed to save you time and work the way you want. A path traversal vulnerability exists in Ryan Cramer Design Lfi-ProcessWire Cms versions prior to 2.7.1, which stems fr...

CVE-2020-27467

Processwire CMS prior to version 2.7.1 is vulnerable to a local file inclusion via the download parameter in index.php. Affected component: index.php handling in Processwire <2.7.1. Root cause: directory traversal/LFI flaw enabling retrieval of sensitive files. Impact: per Nuclei template, att...

CVE-2020-27467

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php...

Processwire CMS 2.4.0 - 'download' Local File Inclusion

Exploit Title: Local File Inclusion Processwire CMS 2.4.0 Vulnerability Type: Unauthenticated LFI Date: 03.11.2020 Exploit Author: Y1LD1R1M Type: WEBAPPS Platform: PHP Vendor Homepage: https://processwire.com/ Version: 2.4.0 Tested on: Kali Linux Description Local File Inclusion in Processwire CM...