CVE-2024-6941 | ThinkSAAS 3.7.0 app/system/action/do.php cross site scripting (Issue 36)

Posted by Angelo Barbosa | Jul 20, 2024 | CVE

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument site_title/site_subtitle/site_key/site_desc/site_url/site_email/site_icp leads to cross site scripting.

The identification of this vulnerability is CVE-2024-6941. The attack may be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-6941 | ThinkSAAS 3.7.0 app/system/action/do.php cross site scripting (Issue 36)

Related Posts

CVE-2023-52443 | Linux Kernel up to 6.7.1 apparmor unpack_profile denial of service

CVE-2024-1770 | Meta Tag Manager Plugin up to 3.0.2 on WordPress code injection

CVE-2024-8310 | OPW Fuel Managements Systems SiteSentinel prior 17Q2.1 missing authentication (icsa-24-268-01)

CVE-2024-2197 | Chirp Access hard-coded credentials (icsa-24-067-01)