Cross-Site Scripting Vulnerability in Process Maker by ProcessMaker
CVE-2024-41453

4.8 MEDIUM

Key Information:

Vendor
CVE Published: 15 January 2025

What is CVE-2024-41453?

A cross-site scripting (XSS) vulnerability exists in Process Maker pm4core-docker 4.1.21-RC7. It allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter, which puts users who interact with the affected application at risk. Organizations using this product should assess their exposure and apply mitigations as necessary.

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
