processwire is vulnerable to cross-site scripting. The vulnerability exists due to lack of CSRF
session validations in the executeEditBookmark
function in rocessPageListerBookmarks.php
which allows a remote attacker to inject and execute malicious JavaScript into the system.
CPE | Name | Operator | Version |
---|---|---|---|
processwire/processwire | le | 3.0.200 | |
processwire/processwire | le | 3.0.200 |