Skip to main content

Thinksaas

10 CVEs product

Monthly

CVE-2024-6942 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinksaas
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6941 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinksaas
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-40456 CRITICAL POC Act Now

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thinksaas
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-40455 LOW POC Monitor

An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Thinksaas
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2024-33102 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinksaas
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-33101 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinksaas
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2019-16665 MEDIUM POC This Month

An issue was discovered in ThinkSAAS 2.91. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Thinksaas
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-16664 MEDIUM POC This Month

An issue was discovered in ThinkSAAS 2.91. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Thinksaas
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2018-15130 MEDIUM POC This Month

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Thinksaas
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-15129 MEDIUM POC This Month

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Thinksaas
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinksaas
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinksaas
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Thinksaas
NVD
EPSS 0% CVSS 2.7
LOW POC Monitor

An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Thinksaas
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinksaas
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinksaas
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in ThinkSAAS 2.91. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Thinksaas
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An issue was discovered in ThinkSAAS 2.91. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Thinksaas
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Thinksaas
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Thinksaas
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy