CVE-2024-25506

Publication date

2024-03-28 00:00:00

Family

mitre

State

PUBLISHED

Description

Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie.