CVE-2024-25506 - Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote att

CVE-2024-25506

Summary

Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie.

References

https://medium.com/%40proflamyt/cve-2024-25506-425ba3212fb6

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

28-03-2024 - 20:53

Published

28-03-2024 - 20:15

Last modified

28-03-2024 - 20:53