ThinkCMF 6.0.7 Security Vulnerabilities
ThinkCMF version 6.0.7 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into the administrative users.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2022-12-01
ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a persistent XSS payload in the Slideshow Management section that executes arbitrary JavaScript code on the client side, e.g., to steal the administrator's PHP session token (PHPSESSID).
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2022-12-01

