Medium severity5.4NVD Advisory· Published Aug 11, 2023· Updated Jun 17, 2026
CVE-2020-25915
CVE-2020-25915
Description
Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
thinkcmf/thinkcmfPackagist | < 5.1.7 | 5.1.7 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-4847-gqxx-v9xpghsaADVISORY
- github.com/thinkcmf/thinkcmf/issues/675nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-25915ghsaADVISORY
- github.com/thinkcmf/thinkcmf/commit/27e1fbea5aed5619d15c1257614df45298f04436ghsaWEB
News mentions
0No linked articles in our index yet.