Vulnerabilities > CVE-2024-6941 - Unspecified vulnerability in Thinksaas 3.7.0

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

thinksaas

NVD

Published: 2024-07-21

Updated: 2024-11-21

Summary

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument site_title/site_subtitle/site_key/site_desc/site_url/site_email/site_icp leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272063.

Vulnerable Configurations

Part	Description	Count
Application	Thinksaas Thinksaas Thinksaas 3.7.0	1

References

https://github.com/thinksaas/ThinkSAAS/issues/36
https://github.com/thinksaas/ThinkSAAS/issues/36
https://vuldb.com/?ctiid.272063
https://vuldb.com/?ctiid.272063
https://vuldb.com/?id.272063
https://vuldb.com/?id.272063
https://vuldb.com/?submit.373282
https://vuldb.com/?submit.373282