CVE-2024-6941: ThinkSAAS do.php cross site scripting
First published: Sun Jul 21 2024(Updated: )
A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument site_title/site_subtitle/site_key/site_desc/site_url/site_email/site_icp leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272063.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thinksaas | =3.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-6941?
CVE-2024-6941 is classified as a problematic vulnerability.
How do I fix CVE-2024-6941?
To fix CVE-2024-6941, update your ThinkSAAS software to the latest version.
What components are affected by CVE-2024-6941?
CVE-2024-6941 affects the file app/system/action/do.php in ThinkSAAS 3.7.0.
What types of attacks are possible with CVE-2024-6941?
CVE-2024-6941 may allow attackers to manipulate certain arguments like site_title and site_url.
Is CVE-2024-6941 exploitable remotely?
Yes, CVE-2024-6941 can be exploited remotely if the vulnerable component is exposed.
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/thinksaas
- canonical/thinksaas
- version/thinksaas/3.7.0