PT-2022-25403 · Unknown · Processwire

Filipe Azevedo +1 · Published 2022-10-31 · Updated 2022-11-01 · CVE-2022-40487

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ProcessWire version 3.0.200

Description

Multiple cross-site scripting (XSS) vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload. These vulnerabilities are found in the Search Users and Search Pages functions.

Recommendations

For version 3.0.200, consider disabling the Search Users and Search Pages functions until a patch is available, to prevent exploitation of the XSS vulnerabilities. Restrict access to these functions to minimize the risk of arbitrary web script or HTML execution.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-40487
GHSA-8G35-PRRR-GXXF

Affected Products

Processwire