Submit #373282: ThinkSAAS 3.7.0 Cross Site Scriptinginfo

TitelThinkSAAS 3.7.0 Cross Site Scripting
BeschreibungThe ThinkSAAS 3.7.0 application contains a storage XSS vulnerability caused by insufficient sanitization of user input. Specifically, the parameters site_title, site_subtitle, site_key, site_desc, site_url, site_email, and site_icp are not properly filtered for malicious code in app/system/action/do.php. An attacker can exploit this issue by injecting malicious payloads into these parameters, leading to the execution of arbitrary JavaScript code in the context of the user's browser.
Quelle⚠️ https://github.com/thinksaas/ThinkSAAS/issues/36
Benutzer
 jiashenghe (UID 39445)
Einreichung12.07.2024 09:00 (vor 2 Jahren)
Moderieren20.07.2024 11:45 (8 days later)
StatusAkzeptiert
VulDB Eintrag272063 [ThinkSAAS 3.7.0 app/system/action/do.php Cross Site Scripting]
Punkte20

ZurückÜbersichtWeiter

Want to stay up to date on a daily basis?

Enable the mail alert feature now!