9 matches found
EUVD-2022-7684
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
thinkcmf/thinkcmf is vulnerable to cross-site scripting.The vulnerability exists in multiple functions due to insufficient sanitization of the slideshow management section which allows an attacker to inject and execute malicious JavaScript into the system...
GHSA-M9MF-RQX6-2XPC ThinkCMF Stored Cross-Site Scripting (XSS)
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
ThinkCMF Stored Cross-Site Scripting (XSS)
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
CVE-2022-40849
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
CVE-2022-40849
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
Cross site scripting
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
CVE-2022-40849
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
PT-2022-25579 · Thinkcmf · Thinkcmf
Name of the Vulnerable Software and Affected Versions: ThinkCMF version 6.0.7 Description: The issue allows an attacker to inject a Persistent XSS payload in the Slideshow Management section, executing arbitrary JavaScript code on the client side. This could be used to steal the administrator's P...