154 matches found
Design/Logic Flaw
An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter...
CVE-2019-16664
ThinkSAAS 2.91 is affected by CVE-2019-16664: an XSS via the parameter groupname in index.php?app=group&ac=create&ts=do. Root cause described across sources is insufficient sanitization of the groupname input, enabling cross-site scripting. Affected product/version: ThinkSAAS 2.91. The Red Hat ad...
CVE-2019-16664
An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter...
CVE-2019-16665
An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element...
CVE-2019-16665
ThinkSAAS 2.91 is affected by an XSS in the group comments page triggered by a crafted SVG in the SRC attribute of an EMBED element, via the URL index.php?app=group&ac=comment&ts=do&js=1. The issue stems from unsanitized SVG content, allowing script execution. CVSS metrics from NVD indicate CVSS ...
Stored Cross-Site Scripting Vulnerability in ThinkSAAS
ThinkSAAS is a lightweight open source community system that can be used to build discussion groups, bbs and circles. A stored cross-site scripting vulnerability exists in ThinkSAAS. An attacker can insert malicious js code into a page to obtain user cookies and other information, leading to user...
ThinkSAAS Cross-Site Scripting Vulnerability (CNVD-2018-14998)
ThinkSAAS is an open source community development system based on PHP and MySQL. A cross-site scripting vulnerability exists in ThinkSAAS 2018-07-25 and earlier versions. A remote attacker can exploit the vulnerability by sending the 'groupdesc' parameter to the index.php?app=group&ac=create&ts=d...
Code injection
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter...
CVE-2018-15130
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter...
CVE-2018-15130
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter...
CVE-2018-15130
CVE-2018-15130 affects ThinkSAAS up to 2018-07-25. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the parameter groupdesc in the URL path index.php?app=group&ac=create&ts=do, allowing injection of arbitrary web script/HTML into the page. Root cause details beyond XSS are n...
CVE-2018-15130
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter...
Code injection
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter...
CVE-2018-15129
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter...
CVE-2018-15129
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter...
CVE-2018-15129
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter...
CVE-2018-15129
ThinkSAAS up to 2018-07-25 is affected by a cross-site scripting (XSS) flaw in the content parameter for the article comment endpoint (index.php?app=article&ac=comment&ts=do content). The issue arises from user-supplied content being reflected without proper sanitization, enabling XSS. Connected ...
Stored Cross-Site Scripting Vulnerability at the Thinksaas Creation Repository
ThinkSAAS is a lightweight open source community system that can be used to build discussion groups, bbs and circles. A stored cross-site scripting vulnerability exists in Thinksaas version 2.5 at the creation repository, which can be exploited by remote attackers to inject arbitrary web script o...
Stored Cross-Site Scripting Vulnerability at Custom Inputs in Thinksaas System
ThinkSAAS is a lightweight open source community system is a community system that can be used to build discussion groups, bbs and circles. A stored cross-site scripting vulnerability exists in Thinksaas version 2.5 at the system's custom input. The system uses a blacklisting mechanism to filter...
ThinkSAAS中tsUrlCheck()函数引发注入漏洞
No description provided by source...