Filipe Azevedo

**Name of the Vulnerable Software and Affected Versions** ProcessWire version 3.0.200 **Description** The issue allows attackers to execute arbitrary web scripts or HTML via injection of a crafted payload, leveraging multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities are specifically found in the Search Users and Search Pages function. **Recommendations** For version 3.0.200, consider disabling the Search Users and Search Pages functions until a patch is available to prevent exploitation of the XSS vulnerabilities. Restrict access to these functions to minimize the risk of arbitrary web script or HTML execution.

**Name of the Vulnerable Software and Affected Versions** ProcessWire version 3.0.200 **Description** A Cross-Site Request Forgery (CSRF) issue was discovered. **Recommendations** For version 3.0.200, update to a newer version that contains a fix for this issue.