A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.
7.5CVSS
7.4AI Score
0.01EPSS
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload.
6.1CVSS
6.3AI Score
0.001EPSS
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).
6.5CVSS
6.5AI Score
0.001EPSS
An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a Proc...
7.2CVSS
7.2AI Score
0.001EPSS