149 matches found
Cross site scripting
Cross Site Scripting XSS vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted userlogin...
CVE-2020-25915
Cross Site Scripting XSS vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted userlogin...
PT-2023-11743 · Thinkcmf · Thinkcmf
Name of the Vulnerable Software and Affected Versions: ThinkCMF version 5.1.5 Description: The issue is a Cross Site Scripting XSS vulnerability in the UserController.php file, which allows attackers to execute arbitrary code via a crafted user login. This can lead to unauthorized access and...
CVE-2020-25915
ThinkCMF 5.1.5 has a Cross-Site Scripting (XSS) vulnerability in UserController.php (CVE-2020-25915). Exploitation via crafted user_login could allow arbitrary code execution on affected systems. The issue is described consistently across NVD/Red Hat/CNVD/OSV entries and related advisories. No co...
CVE-2020-25915
Cross Site Scripting XSS vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted userlogin...
ThinkCMF 跨站脚本漏洞
ThinkCMF is a CMS Content Management System based on ThinkPHP. A cross-site scripting vulnerability exists in ThinkCMF version 5.1.5, which stems from the lack of effective filtering and escaping of user-supplied data in the file UserController.php, and can be exploited by an attacker to execute...
VulnCheck KEV: CVE-2019-7580
ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admincategory/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection...
Cross-site Scripting (XSS)
thinkcmf/thinkcmf is vulnerable to cross-site scripting.The vulnerability exists in multiple functions due to insufficient sanitization of the slideshow management section which allows an attacker to inject and execute malicious JavaScript into the system...
GHSA-6XW3-CPQJ-8MXR ThinkCMF Cross Site Request Forgery (CSRF) vulnerability
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery CSRF vulnerability that allows a Super Administrator user to be injected into administrative users...
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery CSRF vulnerability that allows a Super Administrator user to be injected into administrative users...
GHSA-M9MF-RQX6-2XPC ThinkCMF Stored Cross-Site Scripting (XSS)
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
ThinkCMF Stored Cross-Site Scripting (XSS)
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
CVE-2022-40849
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
CVE-2022-40489
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery CSRF vulnerability that allows a Super Administrator user to be injected into administrative users...
Cross site request forgery (csrf)
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery CSRF vulnerability that allows a Super Administrator user to be injected into administrative users...
Cross site scripting
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
CVE-2022-40489
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery CSRF vulnerability that allows a Super Administrator user to be injected into administrative users...
CVE-2022-40849
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting XSS. An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the client side, e.g., to steal the administrator's...
CVE-2022-40489
ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery CSRF vulnerability that allows a Super Administrator user to be injected into administrative users...
ThinkCMF 跨站请求伪造漏洞
ThinkCMF is a CMS Content Management System based on ThinkPHP. A security vulnerability exists in ThinkCMF version 6.0.7, which stems from vulnerability to cross-site request forgery CSRF vulnerability...