[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

Submit #373282: ThinkSAAS 3.7.0 Cross Site Scriptinginfo

TitleThinkSAAS 3.7.0 Cross Site Scripting
DescriptionThe ThinkSAAS 3.7.0 application contains a storage XSS vulnerability caused by insufficient sanitization of user input. Specifically, the parameters site_title, site_subtitle, site_key, site_desc, site_url, site_email, and site_icp are not properly filtered for malicious code in app/system/action/do.php. An attacker can exploit this issue by injecting malicious payloads into these parameters, leading to the execution of arbitrary JavaScript code in the context of the user's browser.
Source⚠️ https://github.com/thinksaas/ThinkSAAS/issues/36
User
 jiashenghe (UID 39445)
Submission12/07/2024 09:00 (6 månader sedan)
Moderation20/07/2024 11:45 (8 days later)
StatusAccepterad
VulDB Entry272063 [ThinkSAAS 3.7.0 app/system/action/do.php cross site scripting]
Points20

TidigareÖversiktNästa

Might our Artificial Intelligence support you?

Check our Alexa App!