Lucene search
K

154 matches found

Prion
Prion
added 2019/09/21 6:15 p.m.15 views

Design/Logic Flaw

An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter...

3.5CVSS4.8AI score0.00592EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/09/21 5:45 p.m.208 views

CVE-2019-16664

ThinkSAAS 2.91 is affected by CVE-2019-16664: an XSS via the parameter groupname in index.php?app=group&ac=create&ts=do. Root cause described across sources is insufficient sanitization of the groupname input, enabling cross-site scripting. Affected product/version: ThinkSAAS 2.91. The Red Hat ad...

4.8CVSS4.8AI score0.00592EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/21 5:45 p.m.24 views

CVE-2019-16664

An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter...

4.9AI score0.00592EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/09/21 5:44 p.m.21 views

CVE-2019-16665

An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element...

6AI score0.00749EPSS
Exploits1References1
CVE
CVE
added 2019/09/21 5:44 p.m.206 views

CVE-2019-16665

ThinkSAAS 2.91 is affected by an XSS in the group comments page triggered by a crafted SVG in the SRC attribute of an EMBED element, via the URL index.php?app=group&ac=comment&ts=do&js=1. The issue stems from unsanitized SVG content, allowing script execution. CVSS metrics from NVD indicate CVSS ...

6.1CVSS5.9AI score0.00749EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/11/25 12:0 a.m.1 views

Stored Cross-Site Scripting Vulnerability in ThinkSAAS

ThinkSAAS is a lightweight open source community system that can be used to build discussion groups, bbs and circles. A stored cross-site scripting vulnerability exists in ThinkSAAS. An attacker can insert malicious js code into a page to obtain user cookies and other information, leading to user...

6.3AI score
Exploits0
CNVD
CNVD
added 2018/08/09 12:0 a.m.5 views

ThinkSAAS Cross-Site Scripting Vulnerability (CNVD-2018-14998)

ThinkSAAS is an open source community development system based on PHP and MySQL. A cross-site scripting vulnerability exists in ThinkSAAS 2018-07-25 and earlier versions. A remote attacker can exploit the vulnerability by sending the 'groupdesc' parameter to the index.php?app=group&ac=create&ts=d...

5.4CVSS5.3AI score0.00667EPSS
Exploits1References1
Prion
Prion
added 2018/08/07 2:29 p.m.16 views

Code injection

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter...

3.5CVSS5.2AI score0.00667EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/08/07 2:29 p.m.4 views

CVE-2018-15130

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter...

5.4CVSS5.8AI score0.00667EPSS
Exploits1References1
NVD
NVD
added 2018/08/07 2:29 p.m.17 views

CVE-2018-15130

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter...

5.4CVSS5.3AI score0.00667EPSS
Exploits1References1
CVE
CVE
added 2018/08/07 2:0 p.m.37 views

CVE-2018-15130

CVE-2018-15130 affects ThinkSAAS up to 2018-07-25. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the parameter groupdesc in the URL path index.php?app=group&ac=create&ts=do, allowing injection of arbitrary web script/HTML into the page. Root cause details beyond XSS are n...

5.4CVSS5.2AI score0.00667EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/08/07 2:0 p.m.19 views

CVE-2018-15130

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter...

5.3AI score0.00667EPSS
Exploits1References1
Prion
Prion
added 2018/08/07 7:29 a.m.15 views

Code injection

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter...

3.5CVSS5.2AI score0.00667EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/08/07 7:29 a.m.18 views

CVE-2018-15129

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter...

5.4CVSS5.3AI score0.00667EPSS
Exploits1References1
OSV
OSV
added 2018/08/07 7:29 a.m.6 views

CVE-2018-15129

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter...

5.4CVSS5.8AI score0.00667EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/08/07 7:0 a.m.20 views

CVE-2018-15129

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter...

5.3AI score0.00667EPSS
Exploits1References1
CVE
CVE
added 2018/08/07 7:0 a.m.41 views

CVE-2018-15129

ThinkSAAS up to 2018-07-25 is affected by a cross-site scripting (XSS) flaw in the content parameter for the article comment endpoint (index.php?app=article&ac=comment&ts=do content). The issue arises from user-supplied content being reflected without proper sanitization, enabling XSS. Connected ...

5.4CVSS5.2AI score0.00667EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2017/04/25 12:0 a.m.3 views

Stored Cross-Site Scripting Vulnerability at the Thinksaas Creation Repository

ThinkSAAS is a lightweight open source community system that can be used to build discussion groups, bbs and circles. A stored cross-site scripting vulnerability exists in Thinksaas version 2.5 at the creation repository, which can be exploited by remote attackers to inject arbitrary web script o...

6AI score
Exploits0
CNVD
CNVD
added 2017/04/24 12:0 a.m.4 views

Stored Cross-Site Scripting Vulnerability at Custom Inputs in Thinksaas System

ThinkSAAS is a lightweight open source community system is a community system that can be used to build discussion groups, bbs and circles. A stored cross-site scripting vulnerability exists in Thinksaas version 2.5 at the system's custom input. The system uses a blacklisting mechanism to filter...

5.7AI score
Exploits0
seebug.org
seebug.org
added 2016/01/09 12:0 a.m.18 views

ThinkSAAS中tsUrlCheck()函数引发注入漏洞

No description provided by source...

7.1AI score
Exploits0
Rows per page
Query Builder