Lucene search
Veracode Vulnerability DatabaseVERACODE:48160HistoryJul 22, 2024 - 5:40 a.m.
Cross-Site Request Forgery (CSRF)
2024-07-2205:40:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
processwire
csrf
vulnerability
comments
functionality
remote attacker
CVSS3
4.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
AI Score
6.8
Confidence
High
ProcessWire is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is due to inadequate handling of comments functionality, which allows a remote attacker to comment as another user.
Related
nvd
nvd
CVE-2024-41597
2024-07-19 20:15:08
vulnrichment
vulnrichment
CVE-2024-41597
2024-07-19 00:00:00
cve
cve
CVE-2024-41597
2024-07-19 20:15:08
osv
osv
ProcessWire Cross Site Request Forgery vulnerability
2024-07-19 21:31:11
cvelist
cvelist
CVE-2024-41597
2024-07-19 00:00:00
github
github
ProcessWire Cross Site Request Forgery vulnerability
2024-07-19 21:31:11
CVSS3
4.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
AI Score
6.8
Confidence
High
Related for VERACODE:48160