Vulnerabilities > Thinksaas
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-21 | CVE-2024-6942 | Unspecified vulnerability in Thinksaas 3.7.0 A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. | 5.4 |
| 2024-07-21 | CVE-2024-6941 | Unspecified vulnerability in Thinksaas 3.7.0 A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. | 5.4 |
| 2021-07-08 | CVE-2020-18741 | Unspecified vulnerability in Thinksaas 2.7 Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo." | 5.3 |
| 2021-03-24 | CVE-2020-35337 | SQL Injection vulnerability in Thinksaas ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands. | 9.8 |
| 2019-09-21 | CVE-2019-16665 | Cross-site Scripting vulnerability in Thinksaas 2.91 An issue was discovered in ThinkSAAS 2.91. | 6.1 |
| 2019-09-21 | CVE-2019-16664 | Cross-site Scripting vulnerability in Thinksaas 2.91 An issue was discovered in ThinkSAAS 2.91. | 4.8 |
| 2018-08-07 | CVE-2018-15130 | Cross-site Scripting vulnerability in Thinksaas 2.6 ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. | 5.4 |
| 2018-08-07 | CVE-2018-15129 | Cross-site Scripting vulnerability in Thinksaas 2.6 ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. | 5.4 |