Thinksaas: >> Thinksaas >> 2.6 Security Vulnerabilities
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-03-24
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-08-07
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-08-07