VYPR
Medium severity5.4NVD Advisory· Published Aug 11, 2023· Updated Jun 17, 2026

CVE-2020-25915

CVE-2020-25915

Description

Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
thinkcmf/thinkcmfPackagist
< 5.1.75.1.7

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.