Thinksaas: >> Thinksaas >> 2.91 Security Vulnerabilities
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-03-24
An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-09-21
An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-21