Thinksaas
Products
1- 12 CVEs
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-40456 | Cri | 0.64 | 9.8 | 0.01 | Jul 16, 2024 | ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php. | ||
| CVE-2020-35337 | Cri | 0.64 | 9.8 | 0.02 | Mar 24, 2021 | ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands. | ||
| CVE-2024-33101 | Med | 0.40 | 6.1 | 0.00 | Apr 30, 2024 | A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter. | ||
| CVE-2019-16665 | Med | 0.40 | 6.1 | 0.01 | Sep 21, 2019 | An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. | ||
| CVE-2024-33102 | Med | 0.35 | 5.4 | 0.00 | Apr 30, 2024 | A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter. | ||
| CVE-2020-18741 | Med | 0.35 | 5.3 | 0.01 | Jul 8, 2021 | Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo." | ||
| CVE-2018-15130 | Med | 0.35 | 5.4 | 0.01 | Aug 7, 2018 | ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. | ||
| CVE-2018-15129 | Med | 0.35 | 5.4 | 0.01 | Aug 7, 2018 | ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. | ||
| CVE-2019-16664 | Med | 0.31 | 4.8 | 0.01 | Sep 21, 2019 | An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. | ||
| CVE-2024-6942 | Low | 0.23 | 3.5 | 0.00 | Jul 21, 2024 | A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting.… | ||
| CVE-2024-6941 | Low | 0.23 | 3.5 | 0.00 | Jul 21, 2024 | A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument site_title/site_subtitle/site_key/site_desc/site_url/site_email/site_icp… | ||
| CVE-2024-40455 | Low | 0.18 | 2.7 | 0.00 | Jul 16, 2024 | An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request. |
- risk 0.64cvss 9.8epss 0.01
ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php.
- risk 0.64cvss 9.8epss 0.02
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.
- risk 0.40cvss 6.1epss 0.00
A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter.
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element.
- risk 0.35cvss 5.4epss 0.00
A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter.
- risk 0.35cvss 5.3epss 0.01
Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."
- risk 0.35cvss 5.4epss 0.01
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter.
- risk 0.35cvss 5.4epss 0.01
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter.
- risk 0.23cvss 3.5epss 0.00
A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting.…
- risk 0.23cvss 3.5epss 0.00
A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument site_title/site_subtitle/site_key/site_desc/site_url/site_email/site_icp…
- risk 0.18cvss 2.7epss 0.00
An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.