Lucene search

Thinksaas

12 matches found

CVE
added 2019/09/21 6:15 p.m., 197 views

CVE-2019-16664

An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter.

4.8 CVSS, 4.8 AI score, 0.00219 EPSS

CVE
added 2019/09/21 6:15 p.m., 194 views

CVE-2019-16665

An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element.

6.1 CVSS, 5.9 AI score, 0.00223 EPSS

CVE
added 2021/07/08 5:15 p.m., 47 views

CVE-2020-18741

Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."

5.3 CVSS, 5.3 AI score, 0.00174 EPSS

CVE
added 2024/04/30 6:15 p.m., 43 views

CVE-2024-33101

A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter.

6.1 CVSS, 5.6 AI score, 0.00528 EPSS
Web

CVE
added 2024/04/30 6:15 p.m., 40 views

CVE-2024-33102

A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter.

5.4 CVSS, 5.6 AI score, 0.00665 EPSS
Web

CVE
added 2024/07/21 6:15 a.m., 36 views

CVE-2024-6941

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument site_title/site_subtitle/site_key/site_desc/site_url/site_email/site_icp leads to cross site scr...

5.4 CVSS, 3.8 AI score, 0.00098 EPSS
Web

CVE
added 2024/07/16 8:15 p.m., 35 views

CVE-2024-40455

An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.

2.7 CVSS, 7.1 AI score, 0.00134 EPSS

CVE
added 2021/03/24 4:15 p.m., 34 views

CVE-2020-35337

ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.

9.8 CVSS, 9.8 AI score, 0.00527 EPSS
Web

CVE
added 2024/07/16 8:15 p.m., 33 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php.

9.8 CVSS, 8.5 AI score, 0.00188 EPSS

CVE
added 2018/08/07 7:29 a.m., 29 views

CVE-2018-15129

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter.

5.4 CVSS, 5.2 AI score, 0.00206 EPSS

CVE
added 2024/07/21 7:15 a.m., 29 views

CVE-2024-6942

A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting. It is possible to l...

5.4 CVSS, 3.7 AI score, 0.00098 EPSS
Web

CVE
added 2018/08/07 2:29 p.m., 24 views

CVE-2018-15130

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter.

5.4 CVSS, 5.2 AI score, 0.00206 EPSS