Submit #373289: ThinkSAAS 3.7.0 Cross Site Scriptinginfo

TitleThinkSAAS 3.7.0 Cross Site Scripting
DescriptionThinkSAAS version 3.7.0 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities occur due to the lack of proper filtering of input variables in the `app/system/action/anti.php` file. The vulnerabilities are present in various functionalities such as IP filtering, Email filtering, and Phone number filtering in the admin panel's Security Center, all of which call `anti.php`.
Source⚠️ https://github.com/thinksaas/ThinkSAAS/issues/37
User
 jiashenghe (UID 39445)
Submission07/12/2024 09:27 (2 years ago)
Moderation07/20/2024 11:46 (8 days later)
StatusAccepted
VulDB entry272064 [ThinkSAAS 3.7.0 Admin Panel Security Center anti.php ip/email/phone cross site scripting]
Points19

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!

n $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; } } ?>