CVE-2024-25506 | ProcessMaker up to 3.x Cookie pm_sys_sys cross site scripting

Inserito da Angelo Barbosa | Mar 28, 2024 | CVE

A vulnerability was found in ProcessMaker up to 3.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Cookie Handler. The manipulation of the argument pm_sys_sys leads to cross site scripting.

This vulnerability is known as CVE-2024-25506. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-25506 | ProcessMaker up to 3.x Cookie pm_sys_sys cross site scripting

Post correlati

CVE-2024-3199 | Plus Addons for Elementor Plugin up to 5.4.2 on WordPress Countdown Widget cross site scripting

CVE-2024-4351 | Tutor LMS Pro Plugin up to 2.7.0 on WordPress authorization

CVE-2024-1196 | SourceCodester Testimonial Page Manager 1.0 HTTP POST Request add-testimonial.php name/description/testimony cross site scripting

CVE-2024-2130 | CWW Companion Plugin up to 1.2.7 on WordPress cross site scripting