SecBoard
Zurück zur CVE-Übersicht

CVE-2024-41597

MEDIUM(4.2)

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Risk Signal Score11/100 — NIEDRIG
  • CVSS 4.2 — Mittel

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

4.2

Technische Schwere

Beschreibung

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful attack technique. Also, the submitted comments are, by default, held for moderator review.

Referenzen