CVE-2024-41453

A cross-site scripting XSS vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...

CVE-2024-41454

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file...

CVE-2024-41453

A cross-site scripting XSS vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...

CVE-2024-41454

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file...

CVE-2024-41454

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file...

CVE-2024-41454

CVE-2024-41454 : The reports indicate an arbitrary file upload vulnerability in the Process Maker pm4core-docker 4.1.21-RC7 UI login page logo upload function. A crafted PHP or HTML file can be uploaded, enabling arbitrary code execution. The exact root cause described is an insecure file upload ...

CVE-2024-41454

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file...

CVE-2024-41453

A cross-site scripting XSS vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...

CVE-2024-41453

A cross-site scripting XSS vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...

CVE-2024-41453

CVE-2024-41453 : In Process Maker pm4core-docker 4.1.21-RC7, a cross-site scripting (XSS) vulnerability exists via a crafted payload injected into the Name parameter. Red Hat entries also confirm CVE-2024-41454 as an arbitrary file upload vulnerability in the UI login page logo upload function, e...

SUSE CVE-2024-28570

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to cause a denial of service DoS via the processMakerNote function when reading images in JPEG format...

CVE-2024-25506

Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pmsyssys cookie...

CVE-2024-25506

ProcessMaker CVE-2024-25506 describes a Cross Site Scripting vulnerability in ProcessMaker before 4.0 where an attacker can remotely run arbitrary code by manipulating the pm_sys_sys cookie. Affected software: ProcessMaker prior to version 4.0. Root cause: improper handling of the pm_sys_sys cook...

PT-2024-22473 · Freeimage +1 · Freeimage +1

Name of the Vulnerable Software and Affected Versions: FreeImage version 3.19.0 r1909 Description: The issue allows a local attacker to cause a denial of service DoS via the processMakerNote function when reading images in JPEG format. Recommendations: For FreeImage version 3.19.0 r1909, consider...