CVE-2024-41453

Name of the Vulnerable Software and Affected Versions Process Maker pm4core-docker version 4.1.21-RC7

Description A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. This issue enables attackers to inject malicious scripts, potentially leading to unauthorized actions on the affected system.

Recommendations For Process Maker pm4core-docker version 4.1.21-RC7, consider disabling the Name parameter to prevent exploitation until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of script injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.