CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40488
https://notcve.org/view.php?id=CVE-2022-40488
31 Oct 2022 — ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). Se descubrió que ProcessWire v3.0.200 contenía Cross-Site Request Forgery (CSRF). • http://processwire.com • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40487
https://notcve.org/view.php?id=CVE-2022-40487
31 Oct 2022 — ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload. Se descubrió que ProcessWire v3.0.200 contiene múltiples vulnerabilidades de Cross-Site Scripting (XSS) a través de la función Buscar Usuarios y Páginas de Búsqueda. Estas vulnerabilidades permiten a los atacantes ejecutar scripts web o HTML arbitrar... • http://processwire.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •