Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:24 a.m.7 views

CVE-2024-33101

A stored cross-site scripting XSS vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...

6.1CVSS5.9AI score0.00394EPSS
Exploits1References1
NVD
NVD
added 2024/07/16 8:15 p.m.22 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...

9.8CVSS0.0051EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/16 12:0 a.m.10 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...

8.3AI score0.0051EPSS
Exploits1References1
CVE
CVE
added 2024/07/16 12:0 a.m.44 views

CVE-2024-40456

ThinkSAAS v3.7.0 contains an SQL injection vulnerability exploitable via the name parameter in /system/action/update.php. Root cause described in connected sources as insufficient validation of external input in that endpoint. CVSS v3.1 base score 9.8 (CRITICAL) with network attack vector, no pri...

9.8CVSS8.5AI score0.0051EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/07/16 12:0 a.m.18 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...

0.0051EPSS
Exploits1References1
NVD
NVD
added 2024/04/30 6:15 p.m.17 views

CVE-2024-33101

A stored cross-site scripting XSS vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...

6.1CVSS5.4AI score0.00394EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/30 12:0 a.m.27 views

CVE-2024-33101

A stored cross-site scripting XSS vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...

5.5AI score0.00394EPSS
Exploits1References1
OSV
OSV
added 2024/04/30 12:0 a.m.6 views

CVE-2024-33102

A stored cross-site scripting XSS vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter...

5.4CVSS5.5AI score0.00394EPSS
Exploits1References3
Rows per page
Query Builder