Last active
October 19, 2022 14:38
CVE-2022-40487
ProcessWire Cross-Site Scripting (XSS)
Version: ProcessWire v3.0.200 and older versions
Description:
ProcessWire is a free content management system (CMS) and framework (CMF).
Vulnerability:
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages functions.
ProcessWire fails to sanitize user input in these functions, allowing an attacker to inject malicious JavaScript into the victim's page.
Fix URL: https://github.com/processwire/processwire/commit/95bdbf76ba0761d7fa1e8a5f8334b790da0a394b
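
Added example, not part of the original advisory and not the code changed in the fix commit: a plain-PHP illustration of the pattern described above, where a search term is echoed into the results page, shown beside an output-encoded version and a regression check a maintainer could keep in a test suite. The function names and the sample query are hypothetical and do not come from ProcessWire.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for a search results heading; not ProcessWire code.

/** Vulnerable pattern: the raw search term is concatenated into HTML. */
function renderHeadingUnsafe(string $query): string
{
    return '<h2>Results for "' . $query . '"</h2>';
}

/** Hardened pattern: encode for the HTML context at the point of output. */
function renderHeadingSafe(string $query): string
{
    // ENT_QUOTES also encodes single quotes, so the value is safe inside
    // quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // instead of returning an empty string.
    $encoded = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Results for "' . $encoded . '"</h2>';
}

/** Regression check: true if a term with HTML metacharacters appears verbatim. */
function reflectsMarkup(string $html, string $query): bool
{
    return preg_match('/[<>"\']/', $query) === 1
        && strpos($html, $query) !== false;
}

// Constructed test input: a harmless tag used as a marker.
$query = 'admin"><i id="marker">x</i>';

foreach (['renderHeadingUnsafe', 'renderHeadingSafe'] as $fn) {
    $html = $fn($query);
    printf(
        "%-20s reflects markup: %s\n  %s\n",
        $fn,
        reflectsMarkup($html, $query) ? 'yes' : 'no',
        $html
    );
}
```
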
Credits:
These vulnerabilities were discovered by Filipe Azevedo and Guilherme Santos.
We worked with the ProcessWire security team to have these security flaws
reported and fixed.
We would like to publicly thank Ryan for his prompt response!