Security Advisory

CVE-2024-41597

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-19 00:00:00
Last updated 2026-07-09 12:42:26
Assigner mitre
State PUBLISHED

Description

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful attack technique. Also, the submitted comments are, by default, held for moderator review.