CVE-2023-3541: ThinuTech ThinuCMS author_posts.php cross site scripting
First published: Fri Jul 07 2023(Updated: )
A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12<script>alert(1)</script>o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thinu-cms | =1.5 | |
| WebKit | ||
| Microsoft Power Platform | ||
| Azure Logic Apps | ||
| Microsoft Windows | ||
| Adobe Prelude | ||
| Adobe Illustrator 2024 | ||
| Adobe InDesign 2025 | ||
| Adobe Dimension | ||
| Adobe Experience Manager | ||
| Adobe Substance 3D Stager | ||
| Adobe Substance 3D Sampler | ||
| Adobe After Effects 2025 | ||
| Trimble ProDesign 3D | ||
| Android | ||
| SAP Business Technology Platform | ||
| Bamboo | ||
| Atlassian Bitbucket | ||
| Atlassian Jira | ||
| Atlassian Confluence Server/Data Center | ||
| Atlassian Confluence Server and Data Server | ||
| Apache Struts | ||
| VMware Workspace ONE Launcher | ||
| FortiOS | ||
| FortiGuard FortiPAM |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-3541.
What is the title of the vulnerability?
The title of the vulnerability is ThinuTech ThinuCMS author_posts.php cross site scripting.
What is the severity of CVE-2023-3541?
The severity of CVE-2023-3541 is medium with a severity value of 6.1.
What is the affected software?
The affected software is ThinuTech ThinuCMS 1.5.
How can I fix CVE-2023-3541?
To fix CVE-2023-3541, apply the latest update or patch provided by ThinuTech.
- agent/references
- agent/type
- agent/first-publish-date
- agent/title
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/event
- agent/author
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- zeroday/true
- vendor/thinutech
- canonical/thinu-cms
- version/thinu-cms/1.5
- vendor/apple
- canonical/webkit
- vendor/microsoft
- canonical/microsoft power platform
- canonical/azure logic apps
- canonical/microsoft windows
- vendor/adobe
- canonical/adobe prelude
- canonical/adobe illustrator 2024
- canonical/adobe indesign 2025
- canonical/adobe dimension
- canonical/adobe experience manager
- canonical/adobe substance 3d stager
- canonical/adobe substance 3d sampler
- canonical/adobe after effects 2025
- canonical/trimble prodesign 3d
- vendor/google
- canonical/android
- vendor/sap
- canonical/sap business technology platform
- vendor/atlassian
- canonical/bamboo
- canonical/atlassian bitbucket
- canonical/atlassian jira
- canonical/atlassian confluence server/data center
- canonical/atlassian confluence server and data server
- vendor/cisco
- canonical/apache struts
- vendor/vmware
- canonical/vmware workspace one launcher
- vendor/fortiguard
- canonical/fortios
- canonical/fortiguard fortipam