Vulnerabilities > Thinksaas
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-08 | CVE-2020-18741 | Unspecified vulnerability in Thinksaas 2.7 Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo." | 5.0 |
2021-03-24 | CVE-2020-35337 | SQL Injection vulnerability in Thinksaas 2.6/2.91 ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands. | 7.5 |
2019-09-21 | CVE-2019-16665 | Cross-site Scripting vulnerability in Thinksaas 2.91 An issue was discovered in ThinkSAAS 2.91. | 4.3 |
2019-09-21 | CVE-2019-16664 | Cross-site Scripting vulnerability in Thinksaas 2.91 An issue was discovered in ThinkSAAS 2.91. | 3.5 |
2018-08-07 | CVE-2018-15130 | Cross-site Scripting vulnerability in Thinksaas 2.6 ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. | 3.5 |
2018-08-07 | CVE-2018-15129 | Cross-site Scripting vulnerability in Thinksaas 2.6 ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. | 3.5 |