Vulnerabilities > Thinksaas

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-08	CVE-2020-18741	Unspecified vulnerability in Thinksaas 2.7 Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo." network low complexity thinksaas	5.0
2021-03-24	CVE-2020-35337	SQL Injection vulnerability in Thinksaas 2.6/2.91 ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands. network low complexity thinksaas CWE-89	7.5
2019-09-21	CVE-2019-16665	Cross-site Scripting vulnerability in Thinksaas 2.91 An issue was discovered in ThinkSAAS 2.91. network thinksaas CWE-79	4.3
2019-09-21	CVE-2019-16664	Cross-site Scripting vulnerability in Thinksaas 2.91 An issue was discovered in ThinkSAAS 2.91. network thinksaas CWE-79	3.5
2018-08-07	CVE-2018-15130	Cross-site Scripting vulnerability in Thinksaas 2.6 ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. network thinksaas CWE-79	3.5
2018-08-07	CVE-2018-15129	Cross-site Scripting vulnerability in Thinksaas 2.6 ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. network thinksaas CWE-79	3.5

Vulnerabilities > Thinksaas {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Thinksaas"}]}