Lucene search
Veracode Vulnerability DatabaseVERACODE:37737HistoryNov 01, 2022 - 7:32 a.m.
Cross-Site Scripting (XSS)
2022-11-0107:32:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
cross-site scripting
csrf
processwire
0.001 Low
EPSS
Percentile
21.6%
processwire is vulnerable to cross-site scripting. The vulnerability exists due to lack of CSRF session validations in the executeEditBookmark function in rocessPageListerBookmarks.php which allows a remote attacker to inject and execute malicious JavaScript into the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| processwire/processwire | le | 3.0.200 | |
| processwire/processwire | le | 3.0.200 |
Related
cve
cve
CVE-2022-40488
2022-10-31 12:15:10
github
github
ProcessWire vulnerable to Cross-Site Request Forgery
2022-10-31 19:00:37
osv
osv
ProcessWire vulnerable to Cross-Site Request Forgery
2022-10-31 19:00:37
CVE-2022-40488
2022-10-31 12:15:10
prion
prion
Cross site request forgery (csrf)
2022-10-31 12:15:00
nvd
nvd
CVE-2022-40488
2022-10-31 12:15:10
cvelist
cvelist
CVE-2022-40488
2022-10-31 00:00:00