154 matches found

Vulnrichment
added 2024/07/16 12:0 a.m. · 9 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...

8.3 AI score · 0.00255 EPSS
Exploits: 1 · References: 1

Cvelist
added 2024/07/16 12:0 a.m. · 7 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...

0.00255 EPSS
Exploits: 1 · References: 1

Cvelist
added 2024/07/16 12:0 a.m. · 10 views

CVE-2024-40455

An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request...

0.00132 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2024/07/16 12:0 a.m. · 8 views

CVE-2024-40455

An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request...

6.9 AI score · 0.00132 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/07/16 12:0 a.m. · 3 views

PT-2024-28853 · Thinksaas · Thinksaas

Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7
Description: The issue allows attackers to delete arbitrary files via a crafted request. This is an arbitrary file deletion vulnerability.
Recommendations: For ThinkSAAS version 3.7, update to a version that contains a f...

2.7 CVSS · 6.2 AI score · 0.00132 EPSS
Exploits: 1 · References: 6

CNNVD
added 2024/07/16 12:0 a.m. · 0 views

ThinkSAAS Security Vulnerability

ThinkSAAS is a fully open-source, flexible and open site-building system. A SQL injection vulnerability exists in ThinkSAAS version 3.7.0; the vulnerability stems from the name parameter in \system\action\update.php lacking validation of external input SQL...

9.8 CVSS · 8.3 AI score · 0.00255 EPSS
Exploits: 1 · References: 2

OSV
added 2024/04/30 6:15 p.m. · 4 views

CVE-2024-33101

A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...

6.1 CVSS · 5.5 AI score
Exploits: 0 · References: 1

OSV
added 2024/04/30 6:15 p.m. · 4 views

CVE-2024-33102

A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter...

5.4 CVSS · 5.5 AI score
Exploits: 0 · References: 1

NVD
added 2024/04/30 6:15 p.m. · 8 views

CVE-2024-33102

A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter...

5.4 CVSS · 5.4 AI score · 0.01076 EPSS
Exploits: 1 · References: 1

NVD
added 2024/04/30 6:15 p.m. · 7 views

CVE-2024-33101

A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...

6.1 CVSS · 5.4 AI score · 0.00825 EPSS
Exploits: 1 · References: 1

CVE
added 2024/04/30 12:0 a.m. · 59 views

CVE-2024-33101

CVE-2024-33101 concerns a stored XSS in ThinkSAAS v3.7.0, specifically in the /action/anti.php component, where a crafted payload injected into the word parameter can cause arbitrary web script/HTML execution. The issue is confirmed across multiple sources (Red Hat, NVD, OSV, CVE lists) with a co...

6.1 CVSS · 5.6 AI score · 0.00825 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2024/04/30 12:0 a.m. · 52 views

CVE-2024-33102

CVE-2024-33102 affects ThinkSAAS v3.7.0, specifically the /pubs/counter.php component. The vulnerability is a stored XSS that allows an attacker to execute arbitrary web scripts or HTML by injecting a crafted payload into the code parameter. The CVSS v3.1 base score is 5.4 (Medium) with network a...

5.4 CVSS · 5.6 AI score · 0.01076 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/04/30 12:0 a.m. · 3 views

PT-2024-25114 · Thinksaas · Thinksaas

Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7.0
Description: A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...

6.1 CVSS · 5.1 AI score · 0.00825 EPSS
Exploits: 1 · References: 7

Cvelist
added 2024/04/30 12:0 a.m. · 18 views

CVE-2024-33101

A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...

5.5 AI score · 0.00825 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2024/04/30 12:0 a.m. · 11 views

CVE-2024-33102

A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter...

5.6 AI score · 0.01076 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/04/30 12:0 a.m. · 4 views

PT-2024-25115 · Thinksaas · Thinksaas

Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7.0
Description: A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter. This...

5.4 CVSS · 5 AI score · 0.01076 EPSS
Exploits: 1 · References: 7

CNNVD
added 2024/04/30 12:0 a.m. · 1 view

ThinkSAAS Security Vulnerability

ThinkSAAS is an open source community development system based on PHP and MySQL. A security vulnerability exists in ThinkSAAS version v3.7.0, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary web script or HTML by injecti...

5.4 CVSS · 5.6 AI score · 0.01076 EPSS
Exploits: 1 · References: 2

CNNVD
added 2024/04/30 12:0 a.m. · 1 view

ThinkSAAS Security Vulnerability

ThinkSAAS is an open source community development system based on PHP and MySQL. A security vulnerability exists in ThinkSAAS version v3.7.0, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary web script or HTML by injecti...

6.1 CVSS · 5.6 AI score · 0.00825 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2024/04/30 12:0 a.m. · 14 views

CVE-2024-33101

A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...

5.6 AI score · 0.00825 EPSS
Exploits: 1 · References: 1

CNVD
added 2021/07/09 12:0 a.m. · 7 views

ThinkSAAS Authorization Issues Vulnerabilities

ThinkSAAS is an open source community development system based on PHP and MySQL. ThinkSAAS version 2.7 suffers from an authorization issue vulnerability, which can be exploited by remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and...

5.3 CVSS · 7 AI score · 0.00236 EPSS
Exploits: 1 · References: 1