CVE-2023-3541: ThinuTech ThinuCMS author_posts.php cross site scripting
First published: Fri Jul 07 2023(Updated: )
A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12<script>alert(1)</script>o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thinutech Thinu-cms | =1.5 | |
| Apple Webkit | ||
| Microsoft Power Platform | ||
| Microsoft Azure Logic Apps | ||
| Microsoft Windows | ||
| Adobe Prelude | ||
| Adobe Illustrator | ||
| Adobe InDesign | ||
| Adobe Dimension | ||
| Adobe Experience Manager | ||
| Adobe Substance3D Stager | ||
| Adobe Substance3D Sampler | ||
| Adobe Substance3D After Effects | ||
| Adobe Substance3D Designer | ||
| Google Android | ||
| SAP Business Technology Platform (SAP BTP) | ||
| Atlassian Bamboo | ||
| Atlassian Bitbucket | ||
| Atlassian JIRA | ||
| Atlassian Confluence Data Center | ||
| Atlassian Confluence Server | ||
| Cisco Apache Struts | ||
| VMware Workspace ONE Launcher | ||
| FortiGuard FortiOS | ||
| FortiGuard FortiPAM HTTPSd daemon | ||
| =1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-3541.
What is the title of the vulnerability?
The title of the vulnerability is ThinuTech ThinuCMS author_posts.php cross site scripting.
What is the severity of CVE-2023-3541?
The severity of CVE-2023-3541 is medium with a severity value of 6.1.
What is the affected software?
The affected software is ThinuTech ThinuCMS 1.5.
How can I fix CVE-2023-3541?
To fix CVE-2023-3541, apply the latest update or patch provided by ThinuTech.
- collector/nvd-index
- collector/mitre-cve
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- zeroday/true
- agent/software-canonical-lookup-request
- agent/title
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/tags
- agent/description
- collector/nvd-api
- source/NVD
- vendor/thinutech
- canonical/thinutech thinu-cms
- version/thinutech thinu-cms/1.5
- vendor/apple
- canonical/apple webkit
- vendor/microsoft
- canonical/microsoft power platform
- canonical/microsoft azure logic apps
- canonical/microsoft windows
- vendor/adobe
- canonical/adobe prelude
- canonical/adobe illustrator
- canonical/adobe indesign
- canonical/adobe dimension
- canonical/adobe experience manager
- canonical/adobe substance3d stager
- canonical/adobe substance3d sampler
- canonical/adobe substance3d after effects
- canonical/adobe substance3d designer
- vendor/google
- canonical/google android
- vendor/sap
- canonical/sap business technology platform (sap btp)
- vendor/atlassian
- canonical/atlassian bamboo
- canonical/atlassian bitbucket
- canonical/atlassian jira
- canonical/atlassian confluence data center
- canonical/atlassian confluence server
- vendor/cisco
- canonical/cisco apache struts
- vendor/vmware
- canonical/vmware workspace one launcher
- vendor/fortiguard
- canonical/fortiguard fortios
- canonical/fortiguard fortipam httpsd daemon