Medium severity6.5NVD Advisory· Published Mar 28, 2024· Updated Apr 15, 2026
CVE-2024-25506
CVE-2024-25506
Description
Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie.
Affected products
2<4.0+ 1 more
- (no CPE)range: <4.0
- (no CPE)range: <4.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.